Logical Methods in Computer Science
Vol. 8 (2:09) 2012, pp. 1-30
www.lmcs-online.org

Submitted Nov. 20, 2011
Published Jun. 4, 2012



REFINING INDUCTIVE TYPES 



ROBERT ATKEY, PATRICIA JOHANN, AND NEIL GHANI 



University of Strathclyde, UK 

e-mail address: {Robert.Atkey,Patricia.Johann,Neil.Ghani}@cis.strath.ac.uk



Abstract. Dependently typed programming languages allow sophisticated properties of data to be
expressed within the type system. Of particular use in dependently typed programming are indexed
types that refine data by computationally useful information. For example, the N-indexed type of
vectors refines lists by their lengths. Other data types may be refined in similar ways, but
programmers must produce purpose-specific refinements on an ad hoc basis, developers must
anticipate which refinements to include in libraries, and implementations must often store
redundant information about data and their refinements. In this paper we show how to generically
derive inductive characterisations of refinements of inductive types, and argue that these
characterisations can alleviate some of the aforementioned difficulties associated with ad hoc
refinements. Our characterisations also ensure that standard techniques for programming with and
reasoning about inductive types are applicable to refinements, and that refinements can themselves
be further refined.



1. Introduction

One of the key aims of current research in functional programming is to reduce the semantic gap
between what programmers know about computational entities and what the types of those entities
can express. One particularly promising approach to closing this gap is to index types by extra
information that can be used to express properties of their elements. For example, most functional
languages support a standard list data type parameterised over the type of the data lists contain,
but for some applications it is also convenient to be able to state the length of a list in its
type. This makes it possible, for instance, to ensure that the list argument to the tail function
has non-zero length, i.e., is non-empty, and that the lengths of the two list arguments to zip are
the same. Without this kind of static enforcement of preconditions, functions such as these must be
able to signal erroneous arguments (perhaps using an error monad, or a built-in exception facility)
and their clients must be able to handle the cases in which an error is raised.

A data type that equips each list with its length can be defined in the dependently typed language
Agda 2 [M] using the following declaration:

1998 ACM Subject Classification: D.3.3; F.3.3; D.3.1; F.3.2; F.3.1.
  data Vector (B : Set) : Nat -> Set where
    nil  : Vector B zero
    cons : {n : Nat} -> B -> Vector B n -> Vector B (succ n)

This declaration (see footnote 1) inductively defines, for each choice of element type B, a data
type Vector B that is indexed by natural numbers and has two constructors: nil, which constructs a
vector of data with type B of length zero (here represented by the data constructor zero for the
natural numbers), and cons, which constructs from an index n, an element of B, and a vector of data
with type B of length n, a new vector of data with type B of length n + 1 (here represented by the
application succ n of the data constructor succ for the natural numbers to n). The inductive type
Vector B can be used to define functions on lists with elements of type B that are "length-aware"
in a way that functions processing data of standard list types cannot be. For example, it allows
length-aware tail and zip functions to be given via the following Agda 2 types and definitions:

  tail : {B : Set} -> {n : Nat} -> Vector B (succ n) -> Vector B n
  tail (cons b bs) = bs

  zip : {B C : Set} -> {n : Nat} ->
        Vector B n -> Vector C n -> Vector (B × C) n
  zip nil         nil         = nil
  zip (cons b bs) (cons c cs) = cons (b , c) (zip bs cs)

Examples such as these suggest that indexing types by computationally relevant information has
great potential. However, for this potential to be realised we must better understand how indexed
types can be constructed. Moreover, since we want to ensure that all the techniques that have been
developed for structured programming with and principled reasoning about inductive types (see
footnote 2), such as those championed in the Algebra of Programming [8] literature, are applicable
to the resulting indexed types, we also want these types to be inductive. This paper therefore asks
the following fundamental question:

  Can elements of one inductive type be systematically augmented with computationally relevant
  information to construct an indexed inductive type that captures the computationally relevant
  information in their indices? If so, how?

That is, how can we refine an inductive type to get a new type, called a refinement, that
associates to each element of the original type its index, and how can we ensure that the
resulting refinement is inductive?

1.1. A Naive Solution. One straightforward way to refine an inductive type is to use a refinement
function to compute the index for each of its elements and then to associate these indices to
their corresponding elements. To refine lists by their lengths, for example, we would start with
the standard list data type, which has the following Agda 2 declaration (see footnote 3):

  data List (B : Set) : Set where
    nil  : List B
    cons : B -> List B -> List B

1 The {X : S} notation indicates that there is an implicit parameter of type S, named X. When
applying a function with an implicit argument, Agda 2 will attempt to infer a suitable value for it.

2 Recall that an inductive data type is one that can be represented as the least fixed point
$\mu F$ of a functor $F$ on a category suitable for interpreting the types in a language.

3 Agda 2 allows overloading of constructor names, so we reuse the constructor names nil and cons
from the Vector type defined above.

We would then define the following function length by structural recursion on elements of List B:

  length : {B : Set} -> List B -> Nat
  length nil         = zero
  length (cons _ bs) = succ (length bs)

From these we would construct the following refinement of lists by the function length, using a
subset type:

  ListWithLength B n = {bs : List B | length bs = n}   (1.1)

(Alternatively, we could have used a Σ-type to hold the list bs and the proof that
length bs = n.) Note that this construction is global in that both the data type and the
collection of indices exist a priori, and the refinement is obtained by assigning, post facto, an
appropriate index to each data type element. It also suffers from a serious drawback: the resulting
refinement, ListWithLength B here, is not presented as an inductive type, so the naive solution is
not a solution to the fundamental question posed above. (In addition, the refinement
ListWithLength B does not obviously have anything to do with the type Vector B.) So the question
remains: how do we get the inductive type Vector B from the inductive type List B?



1.2. A Better Solution. When the given refinement function is computed by structural recursion
(i.e., by the fold) over the data type to be refined, as is the case for the function length above
and is often the case in practice, then we can give an alternative construction of refinements that
provides a comprehensive answer to the fundamental question raised above. In this case we can
construct, for each inductive type $\mu F$ and each $F$-algebra $a$ whose fold computes the desired
refinement function, a functor $F^a$ whose least fixed point $\mu F^a$ is the desired refinement.
This construction is the central contribution of the paper. Our characterisation of the refinement
of $\mu F$ by $a$ as the inductive type $\mu F^a$ allows the entire arsenal of structured
programming techniques based on initial algebras to be brought to bear on the resulting refinement.
By contrast with the construction in (1.1) above, our characterisation is also local, in that the
indices of recursive substructures are readily available at the time a structurally recursive
program is written, rather than needing to be computed by inversion at run time from the index of
the input data structure to the program.

For each functor $F$ and $F$-algebra $a$, the functor $F^a$ that we construct is intimately
connected with the generic structural induction rule for the inductive type $\mu F$, as presented
by Hermida and Jacobs [24] and by Ghani, Johann, and Fumex [22]. This is perhaps not surprising:
structural induction proves properties of functions defined by structural recursion on elements of
inductive types. If the values of such functions are abstracted into the indices of associated
indexed inductive types, then their computation need no longer be performed during inductive
proofs. In essence, work has been shifted away from computation and onto data. Refinement can thus
be seen as supporting reasoning by structural induction "up to" the index of a term.
1.3. The Structure of this Paper. The remainder of this paper is structured as follows. In
Section 2 we introduce inductive types and recall their representation as carriers of initial
algebras of functors. We first recall that, for any functor $F$, the collection of $F$-algebras
forms a category, and then give a key theorem due to Hermida and Jacobs [24] relating different
$F$-algebras and, thereby, different refinements of $\mu F$. In Section 3 we define the fibrational
framework for refinements with which we work in this paper, and introduce the important idea of the
lifting of a functor. In Section 4 we show how liftings can be used to refine inductive types,
prove the correctness of our construction of refinements, and illustrate our construction with
some simple examples. In Section 5 we show how to refine inductive types that are themselves
already indexed, thus extending our construction to allow refinement of the whole range of indexed
inductive types available in dependently typed languages. In Section 6 we further extend our basic
refinement technique to allow partial refinement, in which indexed types are constructed from
inductive types not all of whose elements have indices. Our motivating example here is that of
expressions that can fail to be well-typed. Indeed, we refine the type of possibly ill-typed
expressions by a type checker to yield the indexed inductive type of well-typed expressions. In
Section 7 we extend the basic notion of refinement in yet another direction to allow refinement by
paramorphisms (also known as primitive recursive functions) and their generalisation
zygomorphisms. Perhaps surprisingly, this takes us from the world of indexed inductive types to
indexed induction-recursion, in which inductive types and recursive functions are defined
simultaneously. In Section 8 we conclude and discuss related and future work.

Throughout this paper, we adopt a semantic approach based on category theory because it allows a
high degree of abstraction and economy. More specifically, we develop our theory in the abstract
setting of fibrations [26]. Nevertheless, we specialise to the families fibration over the category
of sets in order to improve accessibility and give concrete intuitions; Section 3 gives the
necessary definitions and background. Moreover, carefully using only the abstract structure of the
families fibration allows us to expose crucial structure that might be lost were a specific
programming notation to be used. This structure both simplifies our proofs and facilitates the
iteration of our construction detailed in Section 5. It also highlights the commonalities between
the various constructions we present. In particular, each of the refinement processes we discuss
produces functors of the form $\Sigma \circ \hat F$, where $\hat F$ is the lifting of the functor
$F$ defining the data type $\mu F$ to be refined. We are currently investigating whether this
observation leads to a more general theory of refinement, as well as its potential use in
structuring an implementation. A type-theoretic, rather than categorical, answer to the
fundamental question this paper addresses has already been given by McBride [32] using his notion
of ornaments for data types (see Section 8).

1.4. Differences from the Previously Published Version. This paper is a revised and expanded
version of the FoSSaCS 2011 conference version [1]. Additional explanations have been provided
throughout, examples have been expanded, and some of the material has been reordered for clarity.
Section 2.2, which explains in more detail the connection between initial algebras and the indexed
inductive types present in systems such as Agda 2, is entirely new. Section 7, which discusses the
connection between refinement by zygomorphisms and indexed inductive-recursive definitions, is also
completely new, and represents significant further development of our basic refinement technique.






2. Inductive Types and F-algebras

A data type is inductive (in a category $\mathcal{C}$) if it is the least fixed point $\mu F$ of an
endofunctor $F$ on $\mathcal{C}$, in a sense to be made precise in Section 2.1 below. For example,
if Set denotes the category of sets and functions, $\mathbb{Z}$ is the set of integers, and $+$ and
$\times$ denote the coproduct and product, respectively, then $\mu F_{\mathrm{Tree}}$ for the
endofunctor $F_{\mathrm{Tree}}\, X = \mathbb{Z} + X \times X$ on Set represents the following data
type of binary trees with integer data at the leaves:

  data Tree : Set where
    leaf : Integer -> Tree
    node : (Tree × Tree) -> Tree

2.1. F-algebras. Our precise understanding of inductive types comes from the categorical notion of
an $F$-algebra. If $\mathcal{C}$ is a category and $F$ is an endofunctor on $\mathcal{C}$, then an
$F$-algebra is a pair $(A, a : FA \to A)$ comprising an object $A$ of $\mathcal{C}$ and a morphism
$a : FA \to A$ in $\mathcal{C}$. The object $A$ is called the carrier of the $F$-algebra, and the
morphism $a$ is called its structure map. We usually refer to an $F$-algebra solely by its
structure map $a : FA \to A$, since the carrier is present in the type of this map.

An $F$-algebra morphism from $a : FA \to A$ to $a' : FB \to B$ is a morphism $f : A \to B$ of
$\mathcal{C}$ such that $f \circ a = a' \circ Ff$. An $F$-algebra $a : FA \to A$ is initial if,
for any $F$-algebra $a' : FB \to B$, there exists a unique $F$-algebra morphism from $a$ to $a'$.
If it exists, the initial $F$-algebra is unique up to isomorphism, and Lambek's Lemma further
ensures that the (see footnote 4) initial $F$-algebra is an isomorphism. Its carrier is thus the
least fixed point $\mu F$ of $F$. We write $in_F : F(\mu F) \to \mu F$ for the initial
$F$-algebra, and $(\!|a|\!)_F : \mu F \to A$ for the unique morphism from
$in_F : F(\mu F) \to \mu F$ to any $F$-algebra $a : FA \to A$. We write $(\!|-|\!)$ for
$(\!|-|\!)_F$ when $F$ is clear from context. Of course, not all functors have initial algebras.
For instance, the functor $FX = (X \to 2) \to 2$ on Set does not have an initial algebra.

In light of the above, the data type Tree can be interpreted as the carrier of the initial
$F_{\mathrm{Tree}}$-algebra. In functional programming terms, a function
$a : \mathbb{Z} + A \times A \to A$ is an $F_{\mathrm{Tree}}$-algebra, and the function
$(\!|a|\!) : \mathrm{Tree} \to A$ induced by the initiality property is exactly the application to
$a$ of the standard iteration function fold for trees (more precisely, the application of fold to
an "unbundling" of $a$ into replacement functions, one for each of $F_{\mathrm{Tree}}$'s
constructors). More generally, for each functor $F$, the function
$(\!|-|\!)_F : (FA \to A) \to \mu F \to A$ is the standard iteration function for $\mu F$.
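The fold just described, as an added example in Python that is not code from the paper: the tree functor $F_{\mathrm{Tree}}\, X = \mathbb{Z} + X \times X$ is modelled as one-layer values, $\mu F_{\mathrm{Tree}}$ as finitely nested layers, and $(\!|a|\!)$ is the unique algebra morphism that initiality induces. Both the "bundled" form of an algebra (one function on layers) and the "unbundled" form (one replacement function per constructor) are shown, and the defining equation of an $F$-algebra morphism is checked on a constructed tree. The names Leaf, Node, fmap, fold, bundle, sum_alg and depth_alg are this example's own, and Python ints stand in for $\mathbb{Z}$.

```python
"""Added example, not from the paper: Tree as the carrier of the initial
F_Tree-algebra for F_Tree X = Z + X x X, and the fold (|a|) that initiality
induces.  All names here are this example's own; Python ints stand in for Z."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Union


@dataclass(frozen=True)
class Leaf:                 # left summand  Z
    value: int


@dataclass(frozen=True)
class Node:                 # right summand X x X
    left: object
    right: object


# One application F_Tree X; mu F_Tree is the set of finitely nested layers.
Layer = Union[Leaf, Node]


def fmap(f: Callable, t: Layer) -> Layer:
    """Action of F_Tree on morphisms: apply f at the two X positions only."""
    return t if isinstance(t, Leaf) else Node(f(t.left), f(t.right))


def in_tree(t: Layer) -> Layer:
    """in_F : F(mu F) -> mu F.  With mu F represented as nested layers the
    structure map is the identity on representations, which is Lambek's
    Lemma (in_F is an isomorphism) made concrete."""
    return t


def fold(alg: Callable[[Layer], object], t: Layer) -> object:
    """(|alg|) : mu F -> A, the unique F-algebra morphism out of in_F:
    recurse into the X positions, then apply the algebra to the layer."""
    return alg(fmap(lambda sub: fold(alg, sub), t))


# A "bundled" F_Tree-algebra  a : Z + A x A -> A  given as one function on layers.
def sum_alg(layer: Layer) -> int:
    return layer.value if isinstance(layer, Leaf) else layer.left + layer.right


# The same kind of algebra "unbundled" into one replacement function per
# constructor, which is how fold is usually presented in functional languages.
def bundle(leaf_case: Callable[[int], object],
           node_case: Callable[[object, object], object]) -> Callable[[Layer], object]:
    return lambda layer: (leaf_case(layer.value) if isinstance(layer, Leaf)
                          else node_case(layer.left, layer.right))


depth_alg = bundle(lambda _z: 1, lambda l, r: 1 + max(l, r))


def is_algebra_morphism(alg: Callable[[Layer], object], t: Layer) -> bool:
    """Check the F-algebra morphism equation  (|alg|) o in_F = alg o F(|alg|)
    on the given tree."""
    h = lambda x: fold(alg, x)
    return h(in_tree(t)) == alg(fmap(h, t))


SAMPLE = Node(Node(Leaf(1), Leaf(2)), Leaf(3))    # constructed input


if __name__ == "__main__":
    print(fold(sum_alg, SAMPLE), fold(depth_alg, SAMPLE))    # 6 3
```

Run as a script it prints the sum and depth of the constructed tree; `fold(in_tree, t)` returns `t` itself, which is the identity law $(\!|in_F|\!) = id$ that initiality guarantees.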

2.2. Indexed Inductive Types as F-Algebras. Indexed types can be inductive, and this gives rise to
the notion of an indexed inductive type. Such a type is also called an inductive family of types
[18]. Indexed inductive types can be seen as initial $F$-algebras for endofunctors $F$ on
categories of indexed sets. For example, if $B$ is a set of elements, then we can define a functor
$F_{\mathrm{Vector}_B}$ on the category of $\mathbb{N}$-indexed sets whose least fixed point
represents the inductive data type Vector B from the Introduction. The two constructors nil and
cons are reflected in the definition of $F_{\mathrm{Vector}_B}$ as a coproduct, the individual
arguments to each constructor are reflected as products within each summand of this coproduct, and
the implicit equality constraints on the indices are reflected as explicit equality constraints.
We define

  $F_{\mathrm{Vector}_B} : (\mathbb{N} \to \mathrm{Set}) \to (\mathbb{N} \to \mathrm{Set})$
  $F_{\mathrm{Vector}_B}\, X = \lambda n.\, \{* \mid n = 0\} + \{(n_1 : \mathbb{N},\ a : B,\ x : X n_1) \mid n = n_1 + 1\}$

where the notation $\{* \mid n = 0\}$ denotes the set $\{*\}$ when $n = 0$ and the empty set
otherwise. The initial algebra
$in_{F_{\mathrm{Vector}_B}} : F_{\mathrm{Vector}_B}(\mu F_{\mathrm{Vector}_B}) \to \mu F_{\mathrm{Vector}_B}$
of this functor consists of the $\mathbb{N}$-indexed family $\mu F_{\mathrm{Vector}_B}$ of sets of
vectors with elements from $B$ (its carrier), together with a function $in_{F_{\mathrm{Vector}_B}}$
that "bundles together" the constructors nil and cons. In Section 4.2 below we show how
$F_{\mathrm{Vector}_B}$ can be derived from the functor $F_{\mathrm{List}_B}$ whose least fixed
point is the inductive type of lists with elements from $B$, together with the algebra lengthalg
whose fold is the standard length function on lists.

In general, $X$-indexed inductive types can be understood as initial algebras of functors
$F : (X \to \mathrm{Set}) \to (X \to \mathrm{Set})$. In Section 3 below we will see how the
collection of categories of indexed sets can be organised into the families fibration, in which we
carry out the constructions giving rise to our framework for refinement.

4 We identify isomorphic entities when convenient. When doing so, we write $=$ in place of $\cong$.

2.3. Categories of F-algebras. If $F$ is an endofunctor on $\mathcal{C}$, we write
$\mathrm{Alg}_F$ for the category whose objects are $F$-algebras and whose morphisms are
$F$-algebra morphisms between them. Identities and composition in $\mathrm{Alg}_F$ are taken
directly from $\mathcal{C}$. The existence of initial $F$-algebras is equivalent to the existence
of initial objects in the category $\mathrm{Alg}_F$.

In Theorems 3.3 and 6.2 below, we will have an initial object in one category of algebras and want
to show that applying a functor to it gives the initial object in another category of algebras. We
will use adjunctions to do this. Recall that an adjunction $L \dashv R$ between two categories
$\mathcal{C}$ and $\mathcal{D}$ consists of a left adjoint functor $L : \mathcal{D} \to \mathcal{C}$,
a right adjoint functor $R : \mathcal{C} \to \mathcal{D}$, and an isomorphism natural in $A$ and
$X$ between the set $\mathcal{C}(LA, X)$ of morphisms in $\mathcal{C}$ from $LA$ to $X$ and the set
$\mathcal{D}(A, RX)$ of morphisms in $\mathcal{D}$ from $A$ to $RX$. We say that the functor $L$ is
left adjoint to $R$, and that the functor $R$ is right adjoint to $L$, and we write $L \dashv R$.
To lift adjunctions to categories of algebras, we will make much use of the following theorem of
Hermida and Jacobs [24]:

Theorem 2.1. If $F : \mathcal{C} \to \mathcal{C}$ and $G : \mathcal{D} \to \mathcal{D}$ are
functors, $L \dashv R$, and $F \circ L \cong L \circ G$ is a natural isomorphism, then the
adjunction $L \dashv R$ between $\mathcal{C}$ and $\mathcal{D}$ lifts to an adjunction
$L' \dashv R'$ between $\mathrm{Alg}_F$ and $\mathrm{Alg}_G$.

In the setting of the theorem, if $G$ has an initial algebra, then so does $F$ since left adjoints
preserve colimits and in particular initial objects. To compute the initial $F$-algebra in
concrete situations we need to know that $L'(k : GA \to A) = Lk \circ \rho_A$, where $\rho$ is
(one half of) the natural isomorphism between $F \circ L$ and $L \circ G$. Then the initial
$F$-algebra is given by applying $L'$ to the initial $G$-algebra, i.e., $in_F = L'(in_G)$, and
hence $\mu F = L(\mu G)$.

3. A Framework for Refinement

We develop our theoretical framework for refinement in the setting of fibrational models of
extensional Martin-Löf type theory, which is a key theory underlying dependently typed
programming. Since the concepts and terminology of fibrational category theory will not be familiar
to most readers, we have taken care to formulate each of our definitions and main theorems in the
families fibration. The families fibration gives the archetypal semantics of Martin-Löf type
theory, in which indexed types are interpreted directly as indexed sets. In this section we define
the families fibration, and identify the parts of its structure that we require for the rest of
the paper. As readers who are familiar with the categorical notion of fibration will observe, the
terminology and structure that we identify comes from fibred category theory. We take care to
identify the particular properties of the families fibration that are required for our results to
hold, and refer to the literature for the formulation of these properties in the general setting.

3.1. The Families Fibration. As is customary, we model indexed types in the category
$\mathrm{Fam}(\mathrm{Set})$. An object of $\mathrm{Fam}(\mathrm{Set})$ is a pair $(A,P)$
comprising a set $A$ and a function $P : A \to \mathrm{Set}$; such a pair is called a family of
sets. We denote a family $(A,P)$ as $P : A \to \mathrm{Set}$ when convenient, or simply as $P$ when
$A$ can be inferred from context. A morphism $(f, f^\sim) : (A,P) \to (B,Q)$ of
$\mathrm{Fam}(\mathrm{Set})$ is a pair of functions $f : A \to B$ and
$f^\sim : \forall a.\, Pa \to Q(fa)$. From a programming perspective, a family $(A,P)$ is an
$A$-indexed type $P$, where $Pa$ represents the collection of data with index $a$. An alternative,
logical, view is that $(A,P)$ is a predicate representing a property $P$ of data of type $A$, and
that $Pa$ represents the collection of proofs that $a$ has property $P$. When $Pa$ is inhabited,
$P$ is said to hold for $a$. When $Pa$ is empty, $P$ is said not to hold for $a$. We will freely
switch between the programming and logical interpretations of families when providing intuition
for our formal development below.

The families fibration $U : \mathrm{Fam}(\mathrm{Set}) \to \mathrm{Set}$ is the functor mapping
each family $(A,P)$ to $A$ and each morphism $(f, f^\sim)$ to $f$. The category Set is referred to
as the base category of the families fibration and $\mathrm{Fam}(\mathrm{Set})$ is referred to as
its total category. For each set $A$, the category $\mathrm{Fam}(\mathrm{Set})_A$ consists of
families $(A,P)$ and morphisms $(f, f^\sim)$ between them such that $f = id_A$. Such a morphism is
said to be a vertical morphism. Similarly, a vertical natural transformation is a natural
transformation each of whose components is a vertical morphism. We say that an object or morphism
in $\mathrm{Fam}(\mathrm{Set})_A$ is over $A$ with respect to the families fibration, and call
$\mathrm{Fam}(\mathrm{Set})_A$ the fibre of the families fibration over $A$. A function
$f : A \to B$ contravariantly generates a reindexing functor
$f^* : \mathrm{Fam}(\mathrm{Set})_B \to \mathrm{Fam}(\mathrm{Set})_A$ for the families fibration
that maps $(B,Q)$ to $(A, Q \circ f)$.

3.2. Truth and Comprehension. Each fibre $\mathrm{Fam}(\mathrm{Set})_A$ has a terminal object
$(A, \lambda a : A.\, 1)$, where $1$ is the canonical singleton set. In light of the logical
reading of families above, this object is called the truth predicate for $A$. The mapping of
objects to their truth predicates extends to a functor $T : \mathrm{Set} \to \mathrm{Fam}(\mathrm{Set})$,
called the truth functor for the families fibration. In addition, for each family $(A,P)$ we can
define the comprehension of $(A,P)$, denoted $\{(A,P)\}$, to be $\Sigma a : A.\, Pa$, i.e.,
$\{(a,p) \mid a \in A,\ p \in Pa\}$. The comprehension $\{(A,P)\}$ packages elements $a \in A$ with
proofs $p \in Pa$. The mapping of families to their comprehensions extends to a functor
$\{-\} : \mathrm{Fam}(\mathrm{Set}) \to \mathrm{Set}$, called the comprehension functor for the
families fibration. Overall, we have the following pleasing collection of adjoint relationships
between $\mathrm{Fam}(\mathrm{Set})$ and Set:

  $U \dashv T \dashv \{-\}$   (3.1)

The families fibration $U$ is thus a comprehension category with unit [25, 26]. Like every
comprehension category with unit, $U$ supports a natural transformation $\pi : \{-\} \to U$ such
that $\pi_{(A,P)}(a,p) = a$ for all $(a,p) \in \{(A,P)\}$, projecting out the $A$ component from a
comprehension. In fact, $U$ is a full comprehension category with unit, i.e., the functor from
$\mathrm{Fam}(\mathrm{Set})$ to $\mathrm{Set}^{\to}$ induced by $\pi$ is full and faithful. Here,
$\mathrm{Set}^{\to}$ is the arrow category of Set. Its objects are morphisms of Set and its
morphisms from $f : X \to Y$ to $f' : X' \to Y'$ are pairs $(\alpha_1, \alpha_2)$ of morphisms in
Set such that $f' \circ \alpha_1 = \alpha_2 \circ f$. Fullness means that the action of this
functor on morphisms is surjective, and faithfulness means that it is injective. Fullness will be
used in the proof of Theorem 5.1 below, when we consider refinements of indexed types.



3.3. Indexed Coproducts. For each function $f : A \to B$ and family $(A,P)$, we can form the
family $\Sigma_f(A,P) = (B,\ \lambda b.\, \Sigma a \in A.\, (b = fa) \times Pa)$, called the
indexed coproduct of $(A,P)$ along $f$. The mapping of each family to its indexed coproduct along
$f$ extends to a functor $\Sigma_f : \mathrm{Fam}(\mathrm{Set})_A \to \mathrm{Fam}(\mathrm{Set})_B$
which is left adjoint to the reindexing functor $f^*$ for the families fibration. In the abstract
setting of fibrations, a fibration with the property that each reindexing functor $f^*$ has a left
adjoint $\Sigma_f$ is called a bifibration, and the functors $\Sigma_f$ are called op-reindexing
functors. A bifibration that is also a full comprehension category with unit is called a full
cartesian Lawvere category [25]. The families fibration is a full cartesian Lawvere category.

The functors $\Sigma_f$ are often subject to the Beck-Chevalley condition for coproducts, which is
well known to hold for the families fibration. This condition ensures that, in certain
circumstances, op-reindexing commutes with reindexing [26]. It is used in the proof of Lemma 3.1.

At several places below we make essential use of the fact that the families fibration has very
strong coproducts, i.e., that in the diagram

  $$\begin{array}{ccc} \{(A,P)\} & \xrightarrow{\ \{\psi\}\ } & \{\Sigma_f(A,P)\} \\ {\scriptstyle \pi_{(A,P)}}\downarrow & & \downarrow{\scriptstyle \pi_{\Sigma_f(A,P)}} \\ A & \xrightarrow{\ f\ } & B \end{array} \qquad (3.2)$$

where $\psi : (A,P) \to \Sigma_f(A,P)$ is the obvious map of families of sets over $f$, the
function $\{\psi\}$ is an isomorphism. This notion of very strong coproducts naturally generalises
the usual notion of strong coproducts [26], and imposes a condition that is standard in models of
type theory.



3.4. Indexed Products. For each function $f : A \to B$ and family $(A,P)$ we can also form the
family $\Pi_f(A,P) = (B,\ \lambda b.\, \Pi a \in A.\, (b = fa) \to Pa)$, called the indexed
product of $(A,P)$ along $f$. The mapping of each family to its indexed product along $f$ extends
to a functor $\Pi_f : \mathrm{Fam}(\mathrm{Set})_A \to \mathrm{Fam}(\mathrm{Set})_B$ which is right
adjoint to the reindexing functor $f^*$ for the families fibration. Altogether we have the
following collection of relationships between $\mathrm{Fam}(\mathrm{Set})_A$ and
$\mathrm{Fam}(\mathrm{Set})_B$ for each function $f : A \to B$:

  $\Sigma_f \dashv f^* \dashv \Pi_f$

Like its counterpart for indexed coproducts, the Beck-Chevalley condition for indexed products is
often required and indeed it holds in the families fibration. We do not make use of this condition
in this paper.

3.5. Liftings. The relationship between inductive types and their refinements can be given in
terms of liftings of functors. A lifting of a functor $F : \mathrm{Set} \to \mathrm{Set}$ is a
functor $\hat F : \mathrm{Fam}(\mathrm{Set}) \to \mathrm{Fam}(\mathrm{Set})$ such that
$F \circ U = U \circ \hat F$. A lifting is truth-preserving if there is a natural isomorphism
$T \circ F \cong \hat F \circ T$. Truth-preserving liftings for all polynomial functors, i.e., for
all functors built from identity functors, constant functors, coproducts, and products, were given
by Hermida and Jacobs [24]. Truth-preserving liftings were established for arbitrary functors by
Ghani et al. [22]. Their truth-preserving lifting $\hat F$ is defined on objects by

  $\hat F(A,P) = (FA,\ \lambda x.\, \{y : F\{(A,P)\} \mid F\pi_{(A,P)}\, y = x\})$   (3.3)
  $\phantom{\hat F(A,P)} = \Sigma_{F\pi_{(A,P)}}\, T(F\{(A,P)\})$

Reading this definition logically, we can say that $\hat F(A,P)$ holds for $x \in FA$ if $P$ holds
for every $a \in A$ "inside" $x$. Thus $\hat F$ is a generic definition of the everywhere modality,
as defined for containers by Altenkirch and Morris [3]. This can be seen clearly by considering
the action of the lifting in (3.3) on polynomial functors:

  $\widehat{Id}(A,P) = (A,P)$
  $\widehat{K_B}(A,P) = TB = (B,\ \lambda x.\, 1)$
  $\widehat{F + G}(A,P) = (FA + GA,\ \lambda a.\, \mathbf{case}\ a\ \mathbf{of}\ \mathrm{inl}\ x \Rightarrow \hat F(A,P)\, x;\ \mathrm{inr}\ y \Rightarrow \hat G(A,P)\, y)$
  $\widehat{F \times G}(A,P) = (FA \times GA,\ \lambda (a,b).\, \hat F(A,P)\, a \times \hat G(A,P)\, b)$

The identity functor on Set does not contribute any new information to proofs that a property
holds for a given data element, so its lifting is the identity functor on
$\mathrm{Fam}(\mathrm{Set})$. For any $B$, the constantly $B$-valued functor $K_B$ on Set does not
contribute any inductive information to proofs, so its lifting is the truth predicate $TB$ for $B$.
The lifting of a coproduct of functors splits into two possible cases, depending on the value being
analysed. And a product of functors contributes proof information from each of its components.
Lifting is defined generically in terms of the functor $F$, and so it is possible to compute the
lifting of non-polynomial functors such as the finite powerset functor. Ghani, Johann and Fumex
[22] give further examples of the lifting $\hat F$ applied to non-polynomial functors.

Below, in Lemmas 3.1 and 3.2 and Sections 4, 5, 6 and 7, we will be interested in the restriction
of the lifting $\hat F$ to fibres over particular sets $A$. Given an object $(A,P)$ of
$\mathrm{Fam}(\mathrm{Set})_A$, $\hat F(A,P)$ is an object of $\mathrm{Fam}(\mathrm{Set})_{FA}$.
Therefore, if we restrict the domain of $\hat F$ to $\mathrm{Fam}(\mathrm{Set})_A$, we get a
functor $\hat F_A : \mathrm{Fam}(\mathrm{Set})_A \to \mathrm{Fam}(\mathrm{Set})_{FA}$. The
subscript $A$ on $\hat F_A$ indicates that we have restricted the domain to
$\mathrm{Fam}(\mathrm{Set})_A$.
The final expression in (3.3) is given in terms of the constructions of Sections 3.2 and 3.3, so
the definition of a lifting makes sense in any full cartesian Lawvere category.

Under certain conditions, the lifting $\hat F$ for any functor $F$ is well behaved with respect to
reindexing and op-reindexing. We make this observation precise in two lemmas that will be used in
our development of both our basic (Section 4) and partial (Section 6) refinement techniques. To
state the first, we need the notion of a pullback; this notion will also be used in Sections 5, 6
and 7 below. The pullback of the morphisms $f : X \to Z$ and $g : Y \to Z$ consists of an object
$W$ and two morphisms $i : W \to X$ and $j : W \to Y$ such that $g \circ j = f \circ i$. We
indicate pullbacks diagrammatically by the usual pullback square. Moreover, for any $W'$,
$i' : W' \to X$, and $j' : W' \to Y$ such that $g \circ j' = f \circ i'$, there exists a unique
morphism $u : W' \to W$ such that $i \circ u = i'$ and $j \circ u = j'$. When it exists, the
pullback of $f$ and $g$ is unique up to (unique) isomorphism. All container functors [1], and hence
all functors modelling strictly positive types, preserve pullbacks. We can now state our lemmas.

Lemma 3.1. For any functor $F : \mathrm{Set} \to \mathrm{Set}$ that preserves pullbacks, lifting
commutes with reindexing, i.e., for all functions $f : A \to B$, there exists a vertical natural
isomorphism $\hat F_A \circ f^* \cong (Ff)^* \circ \hat F_B$.

Lemma 3.2. For any functor $F : \mathrm{Set} \to \mathrm{Set}$, lifting commutes with
op-reindexing, i.e., for all functions $f : A \to B$, there exists a vertical natural isomorphism
$\hat F_B \circ \Sigma_f \cong \Sigma_{Ff} \circ \hat F_A$.

More generally, Lemma 3.1 holds in any full cartesian Lawvere category satisfying the
Beck-Chevalley condition for coproducts, whereas Lemma 3.2 holds in any full cartesian Lawvere
category with very strong coproducts.

Since $\hat F$ is an endofunctor on $\mathrm{Fam}(\mathrm{Set})$, the category
$\mathrm{Alg}_{\hat F}$ of $\hat F$-algebras exists. The families fibration
$U : \mathrm{Fam}(\mathrm{Set}) \to \mathrm{Set}$ extends to a fibration
$U^{\mathrm{Alg}} : \mathrm{Alg}_{\hat F} \to \mathrm{Alg}_F$, called the algebras fibration
induced by $U$. Concretely, the action of $U^{\mathrm{Alg}}$ is the same as that of $U$, so that
$U^{\mathrm{Alg}}(k : \hat F P \to P) = (Uk : F\,UP \to UP)$ on objects and
$U^{\mathrm{Alg}}(h : (k_1 : \hat F P \to P) \to (k_2 : \hat F Q \to Q)) = Uh$ on morphisms.
Moreover, writing $T^{\mathrm{Alg}}$ and $\{-\}^{\mathrm{Alg}}$ for the truth and comprehension
functors for $U^{\mathrm{Alg}}$, respectively, the adjoint relationships from Diagram (3.1) all
lift to give $U^{\mathrm{Alg}} \dashv T^{\mathrm{Alg}} \dashv \{-\}^{\mathrm{Alg}}$. The two
adjunctions here follow from Theorem 2.1 using the fact that $\hat F$ is a truth-preserving
lifting. That left adjoints preserve initial objects can now be used to establish the following
fundamental result, originally from Hermida and Jacobs [24], and generalised by Ghani et al. [22]:

Theorem 3.3. $T(\mu F)$ is the carrier $\mu \hat F$ of the initial $\hat F$-algebra.

Theorem 3.3 can be generalised to any full cartesian Lawvere category. As shown by Hermida and
Jacobs, and by Ghani et al., it can be used to give a generic structural induction rule for any
functor $F$ having an initial algebra.
4. From Liftings to Refinements 

In this section we show that the refinement of an inductive type $\mu F$ by an $F$-algebra $\alpha : FA \to A$, i.e., the family 

$(A, \lambda a : A.\, \{x : \mu F \mid (\!|\alpha|\!)\, x = a\})$ (4.1) 

generalising the refinement in (1.1), is inductively characterised as $\mu F^\alpha$, where $F^\alpha : \mathrm{Fam}(\mathrm{Set})_A \to \mathrm{Fam}(\mathrm{Set})_A$ is given by 

$F^\alpha(A, P) = (A, \lambda a.\, \{x : F\{(A, P)\} \mid \alpha(F\pi_{(A,P)}\, x) = a\})$ (4.2) 

That is, $F^\alpha(A, P)$ is obtained by first building the $FA$-indexed type $\hat{F}(A, P)$ from Equation 3.3 and then restricting membership to those elements whose $\alpha$-values are correctly computed from those of their immediate subterms. More generally, we can express $F^\alpha$ in terms of the constructions of Section 3 as 

$F^\alpha = \Sigma_\alpha \circ \hat{F}_A$ (4.3) 

Before we prove that the above construction of $F^\alpha$ is correct, we show that it yields the refinement of lists by the length function given in (1.1). 



Example 1. The inductive type of lists of elements with type $B$ can be specified by the functor $F_{\mathrm{List}\,B}\, X = 1 + B \times X$. Writing Nil for the left injection and Cons for the right injection into the coproduct $F_{\mathrm{List}\,B}\, X$, the $F_{\mathrm{List}\,B}$-algebra $\mathit{lengthalg} : F_{\mathrm{List}\,B}\, \mathbb{N} \to \mathbb{N}$ that computes the lengths of lists is 

lengthalg Nil = 0 
lengthalg (Cons(b, n)) = n + 1 

In the families fibration, we can calculate the refinement of $\mu F_{\mathrm{List}\,B}$ by the algebra lengthalg as follows: 

$F_{\mathrm{List}\,B}^{\mathit{lengthalg}}(\mathbb{N}, P)$ 
$= (\mathbb{N}, \lambda n.\, \{x : F_{\mathrm{List}\,B}\{(\mathbb{N}, P)\} \mid \mathit{lengthalg}\,(F_{\mathrm{List}\,B}\, \pi_{(\mathbb{N},P)}\, x) = n\})$ 
$= (\mathbb{N}, \lambda n.\, \{x : 1 \mid \mathit{lengthalg}\,(\mathrm{Nil}) = n\} + \{x : B \times \{(\mathbb{N}, P)\} \mid \mathit{lengthalg}\,(\mathrm{Cons}((B \times \pi_{(\mathbb{N},P)})\, x)) = n\})$ 

The first equality holds by (4.3) and the expansion of this expression in the families fibration. The second is obtained by unfolding the definition of $F_{\mathrm{List}\,B}$ as a coproduct, which allows the refinement to be presented as a coproduct as well. In the first summand of the final expression above, $\mathit{lengthalg}\,(\mathrm{Nil}) = 0$, so that $\{x : 1 \mid \mathit{lengthalg}\,(\mathrm{Nil}) = n\}$ reduces to $\{0 = n\}$. We can expand the product and comprehension parts of $x$ in the second summand to see that $\{x : B \times \{(\mathbb{N}, P)\} \mid \mathit{lengthalg}\,(\mathrm{Cons}((B \times \pi_{(\mathbb{N},P)})\, x)) = n\}$ reduces to $\{b : B, n_1 : \mathbb{N}, l : P n_1 \mid \mathit{lengthalg}\,(\mathrm{Cons}(b, n_1)) = n\}$. Since $\mathit{lengthalg}\,(\mathrm{Cons}(b, n_1)) = n_1 + 1$, the whole refinement can therefore be expressed as 

$F_{\mathrm{List}\,B}^{\mathit{lengthalg}}(\mathbb{N}, P) = (\mathbb{N}, \lambda n.\, \{0 = n\} + \{b : B, n_1 : \mathbb{N}, l : P n_1 \mid n_1 + 1 = n\})$ 

As we shall see in Theorem 4.6 below, the least fixed point $\mu F_{\mathrm{List}\,B}^{\mathit{lengthalg}}$ of this functor exists and is $(\mathbb{N}, \lambda n.\, \{x : \mu F_{\mathrm{List}\,B} \mid (\!|\mathit{lengthalg}|\!)\, x = n\})$, exactly as required. Moreover, the expression for $F_{\mathrm{List}\,B}^{\mathit{lengthalg}}$ derived here is exactly the same as the definition of the functor $F_{\mathrm{Vector}\,B}$ given in Section 2.2 whose least fixed point models the Agda 2 declaration of Vector B given in the Introduction. The derivation just completed therefore justifies this definition of Vector B. 



4.1. Correctness of Refinement. We now turn our attention to proving the correctness of our refinement construction from (4.2). The proof makes good use of the relationship between the category Fam(Set) and the categories $\mathrm{Fam}(\mathrm{Set})_A$ for various sets $A$, as well as of the lifting of this relationship to the categories $\mathrm{Alg}_{\hat{F}}$ and $\mathrm{Alg}_{F^\alpha}$ of algebras. We begin with a simple, but key, observation, namely: 

Lemma 4.1. Let $(A, P)$ and $(B, Q)$ be objects in Fam(Set), and let $f : A \to B$ be a function. The set of morphisms $h$ in Fam(Set) from $(A, P)$ to $(B, Q)$ such that $Uh = f$ is isomorphic to the set of morphisms in $\mathrm{Fam}(\mathrm{Set})_A$ from $(A, P)$ to $f^*(B, Q)$. 

Proof. This follows directly from the definitions. On the one hand, a morphism $h$ in Fam(Set) from $(A, P)$ to $(B, Q)$ such that $Uh = f$ is a pair $(f, h^\sim)$, where $h^\sim : \forall a.\, Pa \to Q(fa)$. On the other, the definition of the re-indexing functor $f^*$, i.e. $f^*(B, Q) = (A, Q \circ f)$, entails that a morphism in $\mathrm{Fam}(\mathrm{Set})_A$ from $(A, P)$ to $f^*(B, Q)$ is a pair $(\mathrm{id}, h^\sim)$, where $h^\sim : \forall a.\, Pa \to Q(fa)$. There is clearly an isomorphism between these sets of morphisms. □ 

To understand the relationship between the category of $\hat{F}$-algebras and the category of $F^\alpha$-algebras, it is convenient to define the category of $\hat{F}$-algebras that are over the $F$-algebra $\alpha$ with respect to the fibration $U^{\mathrm{Alg}}$ defined at the end of Section 3.5. 

Definition 4.2. For each $F$-algebra $\alpha : FA \to A$, the category $(\mathrm{Alg}_{\hat{F}})_\alpha$ of $\hat{F}$-algebras over $\alpha$ with respect to $U^{\mathrm{Alg}}$ has as objects $\hat{F}$-algebras $k : \hat{F}P \to P$ such that $Uk = \alpha$, and as morphisms $\hat{F}$-algebra morphisms $f : (k_1 : \hat{F}P \to P) \to (k_2 : \hat{F}Q \to Q)$ such that $Uf = \mathrm{id}$. 

Lemma 4.3. For each $F$-algebra $\alpha : FA \to A$, there is an isomorphism of categories $(\mathrm{Alg}_{\hat{F}})_\alpha \cong \mathrm{Alg}_{F^\alpha}$. 

Proof. We demonstrate only the isomorphism on objects here; the isomorphism on morphisms is similar. An object of $(\mathrm{Alg}_{\hat{F}})_\alpha$ is a pair comprising a family $(A, P)$ and a morphism $k : \hat{F}(A, P) \to (A, P)$ in Fam(Set) such that $Uk = \alpha$. By Lemma 4.1 such morphisms $k$ are in one-to-one correspondence with the morphisms $k' : \hat{F}(A, P) \to \alpha^*(A, P)$ in $\mathrm{Fam}(\mathrm{Set})_{FA}$. By the adjunction $\Sigma_\alpha \dashv \alpha^*$, the latter morphisms are in one-to-one correspondence with the morphisms $k'' : \Sigma_\alpha \hat{F}(A, P) \to (A, P)$ in $\mathrm{Fam}(\mathrm{Set})_A$. By the definition of $F^\alpha$, these morphisms are exactly the $F^\alpha$-algebras, i.e., the objects of $\mathrm{Alg}_{F^\alpha}$. □ 

The next lemma shows that the reindexing and op-reindexing functors for $U^{\mathrm{Alg}} : \mathrm{Alg}_{\hat{F}} \to \mathrm{Alg}_F$ are inherited from $U : \mathrm{Fam}(\mathrm{Set}) \to \mathrm{Set}$. We have: 

Lemma 4.4. For every $F$-algebra morphism $f : (\alpha : FA \to A) \to (\beta : FB \to B)$, there are functors $f^{*\mathrm{Alg}} : (\mathrm{Alg}_{\hat{F}})_\beta \to (\mathrm{Alg}_{\hat{F}})_\alpha$ and $\Sigma_f^{\mathrm{Alg}} : (\mathrm{Alg}_{\hat{F}})_\alpha \to (\mathrm{Alg}_{\hat{F}})_\beta$ such that $\Sigma_f^{\mathrm{Alg}} \dashv f^{*\mathrm{Alg}}$. 

Moreover, for any $\hat{F}$-algebra $k : \hat{F}(A, P) \to (A, P)$, the $\hat{F}$-algebra $\Sigma_f^{\mathrm{Alg}}(k : \hat{F}(A, P) \to (A, P))$ has carrier $\Sigma_f(A, P)$, and for any $\hat{F}$-algebra $k' : \hat{F}(B, Q) \to (B, Q)$, the $\hat{F}$-algebra $f^{*\mathrm{Alg}}(k' : \hat{F}(B, Q) \to (B, Q))$ has carrier $f^*(B, Q)$. 

Proof. By Lemma 4.3 we can treat $(\mathrm{Alg}_{\hat{F}})_\alpha$ as if it were $\mathrm{Alg}_{F^\alpha}$, and $(\mathrm{Alg}_{\hat{F}})_\beta$ as if it were $\mathrm{Alg}_{F^\beta}$. In Section 3 we noted that for any $f : A \to B$, there are functors $f^* : \mathrm{Fam}(\mathrm{Set})_B \to \mathrm{Fam}(\mathrm{Set})_A$ and $\Sigma_f : \mathrm{Fam}(\mathrm{Set})_A \to \mathrm{Fam}(\mathrm{Set})_B$ such that $\Sigma_f \dashv f^*$. The lemma statement is now a consequence of Theorem 2.1 provided we can establish the isomorphism $F^\beta \circ \Sigma_f \cong \Sigma_f \circ F^\alpha$. But we can verify the existence of such an isomorphism as follows: 

$\Sigma_f \circ F^\alpha$ 
$= \Sigma_f \circ \Sigma_\alpha \circ \hat{F}_A$ by the definition of $F^\alpha$ 
$= \Sigma_\beta \circ \Sigma_{Ff} \circ \hat{F}_A$ since $f$ is an $F$-algebra morphism 
$= \Sigma_\beta \circ \hat{F}_B \circ \Sigma_f$ by Lemma 3.2 
$= F^\beta \circ \Sigma_f$ by the definition of $F^\beta$ 

This is exactly as required. □ 

We can now see that Lemma 4.1 generalises from the categories in the families fibration to those in $U^{\mathrm{Alg}}$. This gives: 

Lemma 4.5. Let $k_1 : \hat{F}(A, P) \to (A, P)$ and $k_2 : \hat{F}(B, Q) \to (B, Q)$ be objects of $(\mathrm{Alg}_{\hat{F}})_\alpha$ and $(\mathrm{Alg}_{\hat{F}})_\beta$, respectively, and let $f : (\alpha : FA \to A) \to (\beta : FB \to B)$ be an $F$-algebra morphism. The set of morphisms $h$ in $\mathrm{Alg}_{\hat{F}}$ from $k_1 : \hat{F}(A, P) \to (A, P)$ to $k_2 : \hat{F}(B, Q) \to (B, Q)$ such that $U^{\mathrm{Alg}} h = f$ is isomorphic to the set of morphisms in $(\mathrm{Alg}_{\hat{F}})_\alpha$ from $k_1 : \hat{F}(A, P) \to (A, P)$ to $f^{*\mathrm{Alg}}(k_2 : \hat{F}(B, Q) \to (B, Q))$. 

Proof. The proof is tedious but not difficult. The key point entails constructing from each $\hat{F}$-algebra morphism $h : (A, P) \to (B, Q)$ such that $U^{\mathrm{Alg}} h = f$ another $\hat{F}$-algebra morphism $h' : (A, P) \to f^*(B, Q)$ such that $U^{\mathrm{Alg}} h' = \mathrm{id}$. This is made easier by observing that the definition of $f^{*\mathrm{Alg}} : (\mathrm{Alg}_{\hat{F}})_\beta \to (\mathrm{Alg}_{\hat{F}})_\alpha$ obtained by applying Theorem 2.1 in the proof of Lemma 4.4 is equivalent to the functor which on input $k : \hat{F}(B, Q) \to (B, Q)$ returns $\phi \circ (Ff)^* k \circ \hat{F}(f, \mathrm{id})$, where $\phi : (Ff)^* \beta^*(B, Q) \to \alpha^* f^*(B, Q)$ is the isomorphism derived from the fact that $f$ is an $F$-algebra morphism. □ 

Putting this all together, we can now give our explicit characterisation of $\mu F^\alpha$. 

Theorem 4.6. The functor $F^\alpha$ has an initial algebra with carrier $\Sigma_{(\!|\alpha|\!)} T(\mu F)$, i.e., with carrier $(A, \lambda a : A.\, \{x : \mu F \mid (\!|\alpha|\!)\, x = a\})$. 

Proof. By Lemma 4.3 it suffices to show that the category $(\mathrm{Alg}_{\hat{F}})_\alpha$ has an initial object with carrier $\Sigma_{(\!|\alpha|\!)} T(\mu F)$. We construct an initial object in $(\mathrm{Alg}_{\hat{F}})_\alpha$ from the initial $\hat{F}$-algebra $\mathit{in}_{\hat{F}} : \hat{F}(T(\mu F)) \to T(\mu F)$ from Theorem 3.3. Since $U^{\mathrm{Alg}}$ is a left adjoint, it preserves initial objects, so that $U^{\mathrm{Alg}}(\mathit{in}_{\hat{F}} : \hat{F}(T(\mu F)) \to T(\mu F))$ is the initial $F$-algebra $\mathit{in}_F : F(\mu F) \to \mu F$. We can apply $\Sigma^{\mathrm{Alg}}_{(\!|\alpha|\!)}$ to the initial $\hat{F}$-algebra to get our candidate object $\Sigma^{\mathrm{Alg}}_{(\!|\alpha|\!)}(\mathit{in}_{\hat{F}} : \hat{F}(T(\mu F)) \to T(\mu F))$. By Lemma 4.4 this candidate has carrier $\Sigma_{(\!|\alpha|\!)} T(\mu F)$, as required. 

To see that our candidate object is initial in $(\mathrm{Alg}_{\hat{F}})_\alpha$, let $k : \hat{F}(A, P) \to (A, P)$ be any object in $(\mathrm{Alg}_{\hat{F}})_\alpha$. Then 

$(\mathrm{Alg}_{\hat{F}})_\alpha(\Sigma^{\mathrm{Alg}}_{(\!|\alpha|\!)}(\mathit{in}_{\hat{F}} : \hat{F}(T(\mu F)) \to T(\mu F)),\ (k : \hat{F}(A, P) \to (A, P)))$ 
$\cong (\mathrm{Alg}_{\hat{F}})_{\mathit{in}_F}((\mathit{in}_{\hat{F}} : \hat{F}(T(\mu F)) \to T(\mu F)),\ (\!|\alpha|\!)^{*\mathrm{Alg}}(k : \hat{F}(A, P) \to (A, P)))$ by Lemma 4.4 
$\cong \{h : \mathrm{Alg}_{\hat{F}}((\mathit{in}_{\hat{F}} : \hat{F}(T(\mu F)) \to T(\mu F)),\ (k : \hat{F}(A, P) \to (A, P))) \mid U^{\mathrm{Alg}} h = (\!|\alpha|\!)\}$ by Lemma 4.5 

Since $\mathit{in}_{\hat{F}} : \hat{F}(T(\mu F)) \to T(\mu F)$ is the initial $\hat{F}$-algebra and $U^{\mathrm{Alg}}$ takes $(\!|k|\!)$ to $(\!|\alpha|\!)$, the final set in the above sequence has exactly one element. Thus there is exactly one morphism from $\Sigma^{\mathrm{Alg}}_{(\!|\alpha|\!)}(\mathit{in}_{\hat{F}} : \hat{F}(T(\mu F)) \to T(\mu F))$ to $(k : \hat{F}(A, P) \to (A, P))$ in $(\mathrm{Alg}_{\hat{F}})_\alpha$, and so our candidate object is indeed initial in $(\mathrm{Alg}_{\hat{F}})_\alpha$. □ 

For readers familiar with fibred category theory, we briefly sketch how our definitions and proofs may be generalised. We have been careful to state the definition of $F^\alpha$ in terms of the abstract structure we identified in Section 3. It can therefore be generalised to any full cartesian Lawvere category with very strong coproducts. Lemmas 4.4 and 4.5 as well as Theorem 4.6 can also be generalised. As was shown by Hermida and Jacobs [23], for any lifting $\hat{F}$, the obvious generalisation of the functor $U^{\mathrm{Alg}} : \mathrm{Alg}_{\hat{F}} \to \mathrm{Alg}_F$ is a fibration. The generalisation of Lemma 4.3 is a result about the fibre categories of this fibration, and the generalisation of Lemma 4.4 shows that it is a bifibration (i.e., that the re-indexing functors have left adjoints). The generalisation of Theorem 4.6 then follows from Proposition 9.2.2 of Jacobs' book [26], which relates initial objects in the total category of a fibration with initial objects in the fibres. 



4.2. More Example Refinements. The following explicit formulas can be used to compute refinements for polynomial functors with respect to the families fibration: 

$\mathrm{Id}^\alpha(A, P) = (A, \lambda a.\, \{x : \{(A, P)\} \mid \alpha(\pi_{(A,P)}\, x) = a\})$ 
$\qquad = (A, \lambda a.\, \{a' : A, p : P a' \mid \alpha a' = a\})$ 
$K_B^\alpha(A, P) = (A, \lambda a.\, \{x : B \mid \alpha x = a\})$ 
$(G + H)^\alpha(A, P) = (A, \lambda a.\, \{x : G\{(A, P)\} \mid \alpha(\mathrm{inl}(G\pi_{(A,P)}\, x)) = a\} + \{x : H\{(A, P)\} \mid \alpha(\mathrm{inr}(H\pi_{(A,P)}\, x)) = a\})$ 
$\qquad = (A, \lambda a.\, G^{\alpha \circ \mathrm{inl}}\, P\, a + H^{\alpha \circ \mathrm{inr}}\, P\, a)$ 
$(G \times H)^\alpha(A, P) = (A, \lambda a.\, \{x_1 : G\{(A, P)\}, x_2 : H\{(A, P)\} \mid \alpha(G\pi_{(A,P)}\, x_1, H\pi_{(A,P)}\, x_2) = a\})$ 

Refinements of the identity and constant functors are as expected. Refinement splits coproducts of functors into two cases, specialising the refining algebra for each summand. It is not, however, possible to decompose the refinement of a product of functors $G \times H$ into refinements of $G$ and $H$, not even by algebras other than $\alpha$. This is because $\alpha$ may need to relate multiple elements to the overall index. 

Example 2. We can refine $\mu F_{\mathrm{Tree}}$ by the $F_{\mathrm{Tree}}$-algebra sumAlg given by 

sumAlg : $F_{\mathrm{Tree}}\, \mathbb{Z} \to \mathbb{Z}$ 
sumAlg (Leaf z) = z 
sumAlg (Node (l, r)) = l + r 

The fold of sumAlg sums the values stored at the leaves of a tree. It yields the refinement $F_{\mathrm{Tree}}^{\mathit{sumAlg}}$ given by 

$F_{\mathrm{Tree}}^{\mathit{sumAlg}}(\mathbb{Z}, P) = (\mathbb{Z}, \lambda n.\, \{z : \mathbb{Z} \mid z = n\} + \{l, r : \mathbb{Z}, x_1 : P l, x_2 : P r \mid n = l + r\})$ 

By Theorem 4.6 and the definition of $F_{\mathrm{Tree}}^{\mathit{sumAlg}}$ we have that the refinement $\mu F_{\mathrm{Tree}}^{\mathit{sumAlg}}$ is $\lambda n.\, \{x : \mu F_{\mathrm{Tree}} \mid (\!|\mathit{sumAlg}|\!)\, x = n\}$. This refinement indexes the elements of $\mu F_{\mathrm{Tree}}$ by the sums of the values in their leaves. It corresponds to the Agda 2 declaration 

data SumTree : Integer -> Set where 
  SumLeaf : (z : Integer) -> SumTree z 
  SumNode : (l r : Integer) -> SumTree l -> SumTree r -> SumTree (l + r) 

Note that in the second summand of $F_{\mathrm{Tree}}^{\mathit{sumAlg}}$ we have two recursive references to $P$, each with a separate index, and that these indices are related to the overall index $n$ as in the second case of sumAlg. However, the basic refinement process developed in this section cannot be used to require indices of subterms to be related to one another in particular ways. For instance, it cannot enforce the requirement that the two subtrees sum to the same value, or that the tree satisfy some balance property. Indeed, if such restrictions are imposed, then some elements of the underlying data type may fail to be assigned an index. We show how to treat this via partial assignment of indices in Section 6. 
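As an added, runnable illustration of Examples 1 and 2 and of Theorem 4.6 (this is example code written for this page, not code from the paper or its authors), the Python below computes both sides of the characterisation on a finite cut of $\mu F$: the specification (4.1), by folding each term and grouping by the fold's value, and the inductive characterisation, by iterating the families-fibration form (4.2) of $F^\alpha$ from the empty family. The encoding of a polynomial functor as a constructor signature (LIST_SIG, TREE_SIG), the tuple representation of terms, and the cut of $\mathbb{Z}$ to the four values {-1, 0, 1, 2} are this example's own choices; the page fixes only the functors and the two algebras.

```python
"""Refinement by an algebra, computed two ways on a finite cut of μF.

  spec (4.1):  (A, λa. {x : μF | ⦇α⦈ x = a})           fold, then group by value
  (4.2):       F^α(A,P) = (A, λa. {x : F{(A,P)} | α(F π x) = a}), iterated from ∅
A family (A, P) is represented as a dict {index: set of terms}."""
from itertools import product

# A polynomial functor is given by its constructors; each argument position is
# either a finite set of constants or REC, a recursive position X.
REC = 'rec'
LIST_SIG = {'Nil': (), 'Cons': (('a', 'b'), REC)}          # F X = 1 + B × X, B = {a, b}
TREE_SIG = {'Leaf': ((-1, 0, 1, 2),), 'Node': (REC, REC)}  # F X = Z + X × X, Z cut to 4 values


def terms_upto(sig, depth):
    """All elements of μF of recursion depth at most `depth` (a finite cut of μF)."""
    prev = set()
    for _ in range(depth + 1):
        layer = set()
        for c, arity in sig.items():
            choices = [prev if k == REC else k for k in arity]
            for args in product(*choices):
                layer.add((c,) + args)
        prev = prev | layer
    return prev


def fold(sig, alg, t):
    """Catamorphism ⦇alg⦈: fold every recursive argument first, then apply alg."""
    c, args = t[0], t[1:]
    folded = tuple(fold(sig, alg, x) if k == REC else x
                   for k, x in zip(sig[c], args))
    return alg((c,) + folded)


def lengthalg(s):   # Example 1: lengthalg Nil = 0 ; lengthalg (Cons(b, n)) = n + 1
    return 0 if s[0] == 'Nil' else s[2] + 1


def sumAlg(s):      # Example 2: sumAlg (Leaf z) = z ; sumAlg (Node(l, r)) = l + r
    return s[1] if s[0] == 'Leaf' else s[1] + s[2]


def spec_refinement(sig, alg, depth):
    """Specification (4.1) on the finite cut: group terms by their fold value."""
    fam = {}
    for t in terms_upto(sig, depth):
        fam.setdefault(fold(sig, alg, t), set()).add(t)
    return fam


def step(sig, alg, P):
    """One application of F^α in its families form (4.2).

    An element of {(A,P)} is a pair (a, x) with x in P a; a shape over such
    pairs is kept at index alg(F π x), where F π forgets the x components."""
    Q = {}
    pairs = [(a, x) for a, xs in P.items() for x in xs]
    for c, arity in sig.items():
        choices = [pairs if k == REC else [(v, v) for v in k] for k in arity]
        for chosen in product(*choices):
            idx = alg((c,) + tuple(a for a, _ in chosen))     # alg(F π x)
            Q.setdefault(idx, set()).add((c,) + tuple(x for _, x in chosen))
    return Q


def inductive_refinement(sig, alg, depth):
    """μF^α approximated by depth+1 iterations of F^α from the empty family."""
    P = {}
    for _ in range(depth + 1):
        P = step(sig, alg, P)
    return P


def characterisations_agree(sig, alg, depth):
    """Theorem 4.6 on the finite cut: (4.1) and the fixed point of (4.2) coincide."""
    return spec_refinement(sig, alg, depth) == inductive_refinement(sig, alg, depth)


if __name__ == '__main__':
    by_length = spec_refinement(LIST_SIG, lengthalg, 3)
    print({n: len(xs) for n, xs in sorted(by_length.items())})   # {0: 1, 1: 2, 2: 4, 3: 8}
    print(characterisations_agree(LIST_SIG, lengthalg, 4))
    print(characterisations_agree(TREE_SIG, sumAlg, 2))
```

The depth bound is what makes the comparison finite: `terms_upto` and `inductive_refinement` cut $\mu F$ at the same depth, so the two dictionaries must be equal index by index if Theorem 4.6 holds; the Vector-style grouping of lists by length and the SumTree grouping of trees by leaf sum fall out of the same generic `step`.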



4.3. Limiting cases. The two limiting cases of refinement are deserving of attention. Refining by the initial $F$-algebra $\mathit{in}_F : F(\mu F) \to \mu F$ gives a $\mu F$-indexed type inductively characterised as the least fixed point of the functor $F^{\mathit{in}_F} = \Sigma_{\mathit{in}_F} \hat{F}$. Since $\mathit{in}_F$ is an isomorphism, $\Sigma_{\mathit{in}_F}$ is as well. Thus $F^{\mathit{in}_F} = \hat{F}$, so that $\mu F^{\mathit{in}_F} = \mu\hat{F} = T(\mu F)$. Taking, for each $x : \mu F$, the canonical singleton set $1$ to be $\{x\}$, we can regard each element of $\mu F$ as its own index. By contrast, refinement by the final algebra $! : F1 \to 1$ gives a $1$-indexed type inductively characterised by $F^!$. Since $F^! = F$, the inductive type $\mu F^!$ is actually $\mu F$. Since $1$ is the canonical singleton set, all elements of $\mu F$ have exactly the same index. Refining by the initial $F$-algebra thus has maximal discriminatory power, while refining by the final $F$-algebra has no discriminatory power whatsoever. 



5. Starting with Already Indexed Types 

The development in Section 4 assumes that the type being refined is the initial algebra of an endofunctor $F$ on Set. This seems to preclude refining an inductive type that is already indexed. But since we carefully identified the abstract structure of Fam(Set) needed to construct our refinements, our results can be extended to any fibration having that structure. We now show that, in particular, we can refine already indexed types. 

To this end, let $A$ be a set, and suppose we want to refine an $A$-indexed type. As we have seen, such types may be interpreted in the category $\mathrm{Fam}(\mathrm{Set})_A$. The carrier of an $F$-algebra $\alpha$ with respect to which we want to refine an already $A$-indexed type will thus be an $A$-indexed set $B : A \to \mathrm{Set}$, and the resulting refinement will be a type of the form $\forall a.\, Ba \to \mathrm{Set}$, i.e., will be a family of sets that is doubly indexed by both $A$ and $B$. 

Just as the categories of indexed sets comprise the category Fam(Set) in Section 3, the families indexed by $A$-indexed sets comprise a category $\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set})$. (Our notation is derived from the pullback construction used to construct this category in the general setting; see below.) Objects of $\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set})$ are pairs $(B, P)$, where $B : A \to \mathrm{Set}$ and $P : \forall a.\, Ba \to \mathrm{Set}$, and morphisms are pairs $(f, f^\sim) : (B, P) \to (C, Q)$, where $f : \forall a.\, Ba \to Ca$ and $f^\sim : \forall a, b \in Ba.\, Pab \to Qa(fab)$. And just as there is a functor $U : \mathrm{Fam}(\mathrm{Set}) \to \mathrm{Set}$ defined by $U(A, P) = A$ on objects and $U(f, f^\sim) = f$ on morphisms, there is a functor $U^A : \mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}) \to \mathrm{Fam}(\mathrm{Set})_A$ defined by $U^A(B, P) = B$ on objects and $U^A(f, f^\sim) = f$ on morphisms. We may now recreate each of the structures we identified for the families fibration in Section 3 for the new fibration given by $U^A$. We have: 

• Fibres: For each object $B$ of $\mathrm{Fam}(\mathrm{Set})_A$, the fibre of $\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set})$ over $B$ is the category $(\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}))_B$ consisting of objects of $\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set})$ whose first component is $B$, and morphisms $(f, f^\sim)$, where $f = \mathrm{id}$. By abuse of terminology such morphisms are again said to be vertical. 

• Reindexing: Given a morphism $f : B \to C$ in $\mathrm{Fam}(\mathrm{Set})_A$, we can define the re-indexing functor $f^* : (\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}))_C \to (\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}))_B$ by composition, similarly to how reindexing is defined for the families fibration. 

• Truth functor: For each set $A$, we can define $T^A : \mathrm{Fam}(\mathrm{Set})_A \to \mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set})$ by $T^A(B) = (B, \lambda ab.\, 1)$. As in the families fibration, this mapping of objects to truth predicates extends to a functor, called the truth functor for $U^A$. 

• Comprehension functor: For each set $A$, we can define $\{-\}^A : \mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}) \to \mathrm{Fam}(\mathrm{Set})_A$ by $\{(B, P)\}^A = \lambda a.\, \{(b \in Ba, p \in Pab)\}$. As in the families fibration, this mapping of objects to their comprehensions extends to a functor, called the comprehension functor for $U^A$. 

• Indexed coproducts: For any morphism $f : B \to C$ in $\mathrm{Fam}(\mathrm{Set})_A$, we can define $\Sigma_f : (\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}))_B \to (\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}))_C$ by 

$\Sigma_f(B, P) = (C, \lambda a\, c.\, \Sigma_{b \in Ba}.\, (c = fab) \times Pab)$. 

• Indexed products: For any morphism $f : B \to C$ in $\mathrm{Fam}(\mathrm{Set})_A$, we can define $\Pi_f : (\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}))_B \to (\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set}))_C$ by 

$\Pi_f(B, P) = (C, \lambda a\, c.\, \Pi_{b \in Ba}.\, (c = fab) \to Pab)$ 

Given these definitions, we can check by hand that they satisfy the same relationships from Section 3 that their counterparts for the families fibration do. It is therefore possible to re-state each of the definitions and results in Sections 3.5 and 4 for $U^A$, and, thereby, to derive refinements of already indexed inductive types. The constructions that we carry out in the families fibration in Sections 6 and 7 can similarly be carried out in $U^A$ as well. 

For readers familiar with fibred category theory, we now sketch how to generalise the above construction to construct a suitable setting for indexed refinement from any full cartesian Lawvere category with products and very strong coproducts, provided these satisfy the Beck-Chevalley condition for coproducts. For this we can use the change-of-base construction for generating new fibrations by pullback [26]. Indeed, if $A$ is an object of $\mathcal{E}$, then the following pullback in Cat, the large category of categories and functors, constructs $\mathcal{E}_A \times_{\mathcal{B}} \mathcal{E}$: 

    E_A ×_B E --------> E 
        |               | 
        V               U 
        v               v 
       E_A ----{-}----> B 

Instantiating $\mathcal{E}$ to Fam(Set) and $U$ to the families fibration constructs $\mathrm{Fam}(\mathrm{Set})_A \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set})$ as defined above, up to currying. Moreover, the following theorem shows that all the structure we require for constructing refinements is preserved by the change-of-base construction, and thus ensures that the change-of-base construction can be iterated as often as desired. 

Theorem 5.1. If $U$ is a full cartesian Lawvere category with products and with very strong coproducts satisfying the Beck-Chevalley condition for coproducts, then so is $U^A$. 

Proof. (Sketch) First, $U^A$ is well-known to be a fibration by its definition via the change-of-base construction [26]. The truth functor for $U^A$ is defined for objects $P$ in $\mathcal{E}_A$ by $T^A P = (P, T\{P\})$, and the comprehension functor for $U^A$ is defined by $\{(P, Y)\}^A = \Sigma_{\pi_P} Y$, where $P \in \mathcal{E}_A$ and $Y \in \mathcal{E}_{\{P\}}$. Coproducts are defined directly using the coproducts of $U$. □ 

Example 3. To demonstrate the refinement of an inductive type which is already indexed we consider a small expression language of well-typed terms. Let $\mathcal{T} = \{\mathrm{int}, \mathrm{bool}\}$ be the set of possible base types. The language is $\mu F_{\mathrm{wtexp}}$ for the functor $F_{\mathrm{wtexp}} : \mathrm{Fam}(\mathrm{Set})_{\mathcal{T}} \to \mathrm{Fam}(\mathrm{Set})_{\mathcal{T}}$ given by 

$F_{\mathrm{wtexp}}(\mathcal{T}, P) = (\mathcal{T}, \lambda t : \mathcal{T}.\, \{z : \mathbb{Z} \mid t = \mathrm{int}\}$ 
$\qquad + \{b : \mathbb{B} \mid t = \mathrm{bool}\}$ 
$\qquad + \{x_1 : P t, x_2 : P t \mid t = \mathrm{int}\}$ 
$\qquad + \{x_1 : P\,\mathrm{bool}, x_2 : P t, x_3 : P t\})$ 

This specification of an inductive type corresponds to the following Agda 2 declaration, where we write Ty for the Agda 2 equivalent of the set $\mathcal{T}$: 

data WTExp : Ty -> Set where 
  intConst  : Integer -> WTExp Int 
  boolConst : Boolean -> WTExp Bool 
  add       : WTExp Int -> WTExp Int -> WTExp Int 
  if        : (t : Ty) -> WTExp Bool -> WTExp t -> WTExp t -> WTExp t 

The type WTExp cannot be constructed by the process of refinement presented in Section 4. Indeed, the indices of subexpressions, and not just the overall indices, are constrained in the types of the add and if constructors. This accords with the discussion at the end of Section 4.2. Fortunately we can, and will, show in Section 6 how to extend the notion of refinement to the situation where not every element of a data type can be assigned an index. 

Meanwhile, in light of Theorem 5.1 we can refine the already indexed type $\mu F_{\mathrm{wtexp}}$. For any $t$, write IntConst, BoolConst, Add, and If for the injections into $(\mathrm{snd}\,(F_{\mathrm{wtexp}}(\mathcal{T}, P)))\, t$. Let $\mathbb{B} = \{\mathrm{true}, \mathrm{false}\}$ denote the set of booleans, and assume there exists a $\mathcal{T}$-indexed family $T$ such that $T\,\mathrm{int} = \mathbb{Z}$ and $T\,\mathrm{bool} = \mathbb{B}$. Then $T$ gives a semantic interpretation of the types from $\mathcal{T}$ that can be used to define an $F_{\mathrm{wtexp}}$-algebra evalAlg whose fold specifies a "tagless" interpreter. We have: 

evalAlg : $F_{\mathrm{wtexp}}(\mathcal{T}, T) \to (\mathcal{T}, T)$ 
evalAlg = $(\mathrm{id}, \lambda x : \mathcal{T}.\, \lambda t : \mathrm{snd}\,(F_{\mathrm{wtexp}}(\mathcal{T}, T))\, x.\, \mathrm{case}\ t\ \mathrm{of}$ 
  IntConst z ⇒ z 
  BoolConst b ⇒ b 
  Add (z1, z2) ⇒ z1 + z2 
  If (b, x1, x2) ⇒ if b then x1 else x2) 

The function $(\!|\mathit{evalAlg}|\!) : \forall t.\, \mu F_{\mathrm{wtexp}}\, t \to T t$ does indeed give a semantics to each well-typed expression. Refining $\mu F_{\mathrm{wtexp}}$ by evalAlg yields an object WTExpSem of $\mathrm{Fam}(\mathrm{Set})_{\mathcal{T}} \times_{\mathrm{Set}} \mathrm{Fam}(\mathrm{Set})$ over $(\mathcal{T}, T)$, i.e., an object of Fam(Set) indexed by $\{(\mathcal{T}, T)\}$. This $\{(\mathcal{T}, T)\}$-indexed data type associates to every well-typed expression that expression's semantics. As an Agda 2 declaration, it can be expressed as follows, after applying a few type isomorphisms to make the declaration more idiomatic: 
data WTExpSem : (t : Ty) -> T t -> Set where 
  intConst  : (z : Integer) -> WTExpSem Int z 
  boolConst : (b : Boolean) -> WTExpSem Bool b 
  add       : (z1 z2 : Integer) -> 
              WTExpSem Int z1 -> 
              WTExpSem Int z2 -> 
              WTExpSem Int (z1 + z2) 
  if        : (b : Boolean) -> 
              (t : Ty) -> 
              (x1 x2 : T t) -> 
              WTExpSem Bool b -> 
              WTExpSem t x1 -> 
              WTExpSem t x2 -> 
              WTExpSem t (if b then x1 else x2) 

Here, we have assumed a standard if_then_else notation for eliminating booleans. 



6. Partial Refinement 

In Sections 4 and 5 we assumed that every element of an inductive type can be assigned an index. Every list has a length, every tree has a number of leaves, every well-typed expression has a semantic meaning, and so on. But how can an inductive type be refined if only some data have values by which we want to index? For example, how can the inductive type of well-typed expressions of Example 3 be obtained by refining a data type of untyped expressions by an algebra for type assignment? And how can the inductive type of red-black trees be obtained by refining a data type of coloured trees by an algebra enforcing the well-colouring properties? As these questions suggest, the problem of refining subsets of inductive types is a common and naturally occurring one. Our partial refinement technique, which we now describe, can solve this problem. 

6.1. Partial Algebras. To generalise our theory to partial refinements we move from algebras to partial algebras. If $F$ is a functor, then a partial $F$-algebra is a pair $(A, \kappa : FA \to (1 + A))$ comprising a carrier $A$ and a structure map $\kappa : FA \to (1 + A)$. We write $\mathit{ok} : A \to 1 + A$ and $\mathit{fail} : 1 \to 1 + A$ for the injections into $1 + A$, and often refer to a partial algebra solely by its structure map. The functor $MA = 1 + A$ is (the functor part of) the error monad. 

Example 4. The inductive type of expressions is $\mu F_{\mathrm{exp}}$ for the functor $F_{\mathrm{exp}}\, X = \mathbb{Z} + \mathbb{B} + (X \times X) + (X \times X \times X)$. Letting $\mathcal{T} = \{\mathrm{int}, \mathrm{bool}\}$ as in Example 3 and using the obvious convention for naming the injections into $F_{\mathrm{exp}}\, X$, types can be inferred for expressions using the following partial $F_{\mathrm{exp}}$-algebra: 

tyInfer : $F_{\mathrm{exp}}\, \mathcal{T} \to 1 + \mathcal{T}$ 
tyInfer (IntConst z) = ok int 
tyInfer (BoolConst b) = ok bool 
tyInfer (Add (t1, t2)) = ok int, if t1 = int and t2 = int 
                       = fail, otherwise 
tyInfer (If (t1, t2, t3)) = ok t2, if t1 = bool and t2 = t3 
                          = fail, otherwise 
Example 5. Let $C = \{R, B\}$ be a set of colours. The inductive type of coloured trees is $\mu F_{\mathrm{ctree}}$ for the functor $F_{\mathrm{ctree}}\, X = 1 + C \times X \times X$. We write Leaf and Br for the injections into $F_{\mathrm{ctree}}\, X$. Red-black trees [13] are coloured trees satisfying the following constraints: 

(1) Every leaf is black; 

(2) Both children of a red node are black; 

(3) For every node, all paths to leaves contain the same number of black nodes. 

We can check whether or not a coloured tree is a red-black tree using the following partial $F_{\mathrm{ctree}}$-algebra. Its carrier $C \times \mathbb{N}$ records the colour of the root in the first component and the number of black nodes to any leaf, assuming this number is the same for every leaf, in the second. We have: 

checkRB : $F_{\mathrm{ctree}}(C \times \mathbb{N}) \to 1 + (C \times \mathbb{N})$ 
checkRB Leaf = ok (B, 1) 
checkRB (Br (R, (s1, n1), (s2, n2))) = ok (R, n1), if s1 = B and s2 = B and n1 = n2 
                                     = fail, otherwise 
checkRB (Br (B, (s1, n1), (s2, n2))) = ok (B, n1 + 1), if n1 = n2 
                                     = fail, otherwise 



6.2. Using a Partial Algebra to Select Elements. We now show how, given a partial algebra, we can use it to select some of the elements of an underlying type and assign them indices. The key to doing this is to turn every partial $F$-algebra into a (total) $F$-algebra. Let $\lambda : F \circ M \to M \circ F$ be any distributive law for the error monad $M$ over the functor $F$. Then $\lambda$ respects the unit and multiplication of $M$ (see [6] for details). Every partial $F$-algebra $\kappa : FA \to (1 + A)$ generates an $F$-algebra $\bar{\kappa} : F(1 + A) \to (1 + A)$ defined by $\bar{\kappa} = [\mathit{fail}, \kappa] \circ \lambda_A$, where $[\mathit{fail}, \kappa]$ is the cotuple of the functions $\mathit{fail}$ and $\kappa$. 

We can use $\bar{\kappa}$ to construct the following global characterisation of the indexed type for which we seek an inductive characterisation: 

$(A, \lambda a.\, \{x : \mu F \mid (\!|\bar{\kappa}|\!)\, x = \mathit{ok}\, a\})$ 

As in (1.1), we can consider this characterisation a specification; it is similar to the specification in Section 3 except that the index generated by the algebra $\bar{\kappa}$ is required to return $\mathit{ok}\, a$ for some $a \in A$. We can rewrite this specification as follows, using the categorical constructions from Section 3 and Theorem 4.6: 

$(A, \lambda a.\, \{x : \mu F \mid (\!|\bar{\kappa}|\!)\, x = \mathit{ok}\, a\}) = \mathit{ok}^* \circ \Sigma_{(\!|\bar{\kappa}|\!)} T(\mu F) = \mathit{ok}^*\, \mu F^{\bar{\kappa}}$ (6.1) 

Rewriting the specification in this way links partial refinements with the indexed inductive type generated by the refinement process given in Section 4. 



6.3. Construction and Correctness of Partial Refinement. Refining $\mu F$ by the $F$-algebra $\bar{\kappa}$ using the techniques of Section 4 would result in an inductive type indexed by $1 + A$. But our motivating examples suggest that what we actually want is an $A$-indexed type that inductively describes only those terms having values of the form $\mathit{ok}\, a$ for some $a \in A$. Partial refinement constructs, from a functor $F$ with initial algebra $\mathit{in}_F : F(\mu F) \to \mu F$, and a partial $F$-algebra $\kappa : FA \to 1 + A$, a functor $F^{?\kappa}$ such that $\mu F^{?\kappa} = (A, \lambda a.\, \{x : \mu F \mid (\!|\bar{\kappa}|\!)\, x = \mathit{ok}\, a\}) = \mathit{ok}^*\, \mu F^{\bar{\kappa}}$. To this end, we define 

$F^{?\kappa} = \mathit{ok}^* \circ \Sigma_\kappa \circ \hat{F}_A$ (6.2) 

We note that, in the special case of the families fibration, this definition specialises to $F^{?\kappa}(A, P) = (A, \lambda a.\, \{x : F\{(A, P)\} \mid \kappa(F\pi_{(A,P)}\, x) = \mathit{ok}\, a\})$. Now, since left adjoints preserve initial objects, we can prove $\mu F^{?\kappa} = \mathit{ok}^*\, \mu F^{\bar{\kappa}}$ by lifting the adjunction on the left below (cf. Section 3.4) to an adjunction between $\mathrm{Alg}_{F^{?\kappa}}$ and $\mathrm{Alg}_{F^{\bar{\kappa}}}$ via Theorem 2.1: 

$\mathit{ok}^* \dashv \Pi_{\mathit{ok}}$ between $\mathrm{Fam}(\mathrm{Set})_{1+A}$ and $\mathrm{Fam}(\mathrm{Set})_A$ (left), and its lifting to an adjunction between $\mathrm{Alg}_{F^{?\kappa}}$ and $\mathrm{Alg}_{F^{\bar{\kappa}}}$ (right). 

To satisfy the precondition of Theorem 2.1 we must prove that $F^{?\kappa} \circ \mathit{ok}^* \cong \mathit{ok}^* \circ F^{\bar{\kappa}}$. To show this, we reason as follows: 

$\mathit{ok}^* \circ F^{\bar{\kappa}}$ 
$= \mathit{ok}^* \circ \Sigma_{\bar{\kappa}} \circ \hat{F}_{1+A}$ by definition of $F^{\bar{\kappa}}$ 
$\cong \mathit{ok}^* \circ \Sigma_\kappa \circ (F\,\mathit{ok})^* \circ \hat{F}_{1+A}$ by Lemma 6.1 below 
$= \mathit{ok}^* \circ \Sigma_\kappa \circ \hat{F}_A \circ \mathit{ok}^*$ by Lemma 3.1 
$= F^{?\kappa} \circ \mathit{ok}^*$ by definition of $F^{?\kappa}$ 

In these steps we have made use of two auxiliary results, relying on two assumptions. First, in order to apply Lemma 3.1 we have assumed that $F$ preserves pullbacks. Secondly, we have made use of the vertical natural isomorphism $\mathit{ok}^* \circ \Sigma_{\bar{\kappa}} \cong \mathit{ok}^* \circ \Sigma_\kappa \circ (F\,\mathit{ok})^*$. We may deduce the existence of the latter if we assume that the following property, which we call non-introduction of failure, is satisfied by the distributive law $\lambda$ for the error monad $M$ over $F$: for all $x : F(1 + A)$ and $y : FA$, $\lambda_A\, x = \mathit{ok}\, y$ if and only if $x = F\,\mathit{ok}\, y$. This property strengthens the usual unit axiom for distributive laws in which the implication holds only from right to left, and ensures that if applying $\lambda$ does not result in failure, then no failures were present in the data to which $\lambda$ was applied. Every container functor has a canonical distributive law for $M$ satisfying the non-introduction of failure property. 

Lemma 6.1. If the distributive law $\lambda$ satisfies non-introduction of failure, then $\mathit{ok}^* \circ \Sigma_{\bar{\kappa}} \cong \mathit{ok}^* \circ \Sigma_\kappa \circ (F\,\mathit{ok})^*$. 

Proof. Given $(F(1 + A), P : F(1 + A) \to \mathrm{Set})$, we have 

$(\mathit{ok}^* \circ \Sigma_{\bar{\kappa}})(F(1 + A), P)$ 
$= (A, \lambda a : A.\, \{(x_1 : F(1 + A), x_2 : P x_1) \mid [\mathit{fail}, \kappa](\lambda_A\, x_1) = \mathit{ok}\, a\})$ 
$= (A, \lambda a : A.\, \{x_1 : FA, x_2 : P(F\,\mathit{ok}\, x_1) \mid \kappa\, x_1 = \mathit{ok}\, a\})$ 
$\cong (\mathit{ok}^* \circ \Sigma_\kappa \circ (F\,\mathit{ok})^*)(F(1 + A), P)$ 

Here, we have instantiated the definitions in terms of the constructions from Section 3 for the families fibration. □ 

Putting everything together, we have shown the correctness of partial refinement: 

Theorem 6.2. If $\lambda$ is a distributive law for the error monad $M$ over $F$ with the non-introduction of failure property, and if $F$ preserves pullbacks, then $F^{?\kappa}$ has an initial algebra whose carrier is given by any, and hence all, of the expressions in (6.1). 

In fact, Lemma 6.1, and hence Theorem 6.2, holds in the more general setting of a full cartesian Lawvere category with products and very strong coproducts that satisfy the Beck-Chevalley condition for coproducts, provided that the base category satisfies extensivity [10]. In the general setting, the non-introduction of failure property can be formulated as requiring that the following square (which is the unit axiom for the distributive law $\lambda$) is a pullback: 

            F ok 
    FA -------------> F(1 + A) 
    |                     | 
    id                    λ_A 
    v                     v 
    FA -------------> 1 + FA 
            ok 

Moreover, Theorem 5.1 extends to show that extensivity is also preserved by change-of-base provided all of the fibres of the given full cartesian Lawvere category satisfy extensivity. This ensures that the process of partial refinement can be iterated as often as desired. 
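As an added, runnable illustration of Example 5 together with Sections 6.2 and 6.3 (example code written for this page, not code from the paper or its authors), the Python below builds the total algebra $\bar{\kappa} = [\mathit{fail}, \kappa] \circ \lambda_A$ for checkRB using the canonical distributive law of the container functor $F_{\mathrm{ctree}}$ (a node is $\mathit{ok}$ exactly when both children are, which is the non-introduction of failure property), computes the specification (6.1) by folding $\bar{\kappa}$ and keeping only the $\mathit{ok}$ results, and compares it with the families form of $F^{?\kappa}$ from (6.2) iterated from the empty family. A direct check of constraints (1)–(3) is compared with the fold as well. The tuple encoding of trees, the use of None for $\mathit{fail}$, and the depth bound are this example's own choices.

```python
"""Partial refinement of coloured trees by checkRB, on a finite cut of μF_ctree.

  κ̄ = [fail, κ] ∘ λ_A        λ_A fails iff some child failed (non-introduction of failure)
  spec (6.1):  (A, λa. {x : μF | ⦇κ̄⦈ x = ok a})
  F^{?κ}(A,P) = (A, λa. {x : F{(A,P)} | κ(F π x) = ok a}), iterated from ∅"""
from itertools import product

FAIL = None                         # the `fail` injection into 1 + A (this example's encoding)
def ok(a): return ('ok', a)         # the `ok` injection into 1 + A

LEAF = ('Leaf',)
def br(colour, left, right): return ('Br', colour, left, right)


def checkRB(shape):
    """κ : F_ctree(C × N) → 1 + (C × N) from Example 5; recursive positions hold (colour, n)."""
    if shape[0] == 'Leaf':
        return ok(('B', 1))
    colour, (s1, n1), (s2, n2) = shape[1], shape[2], shape[3]
    if n1 != n2:                                   # constraint (3)
        return FAIL
    if colour == 'R':                              # constraint (2)
        return ok(('R', n1)) if s1 == 'B' and s2 == 'B' else FAIL
    return ok(('B', n1 + 1))


def kappa_bar(shape):
    """κ̄ = [fail, κ] ∘ λ_A on F_ctree(1 + A): recursive positions now hold 1 + A values."""
    if shape[0] == 'Leaf':
        return checkRB(shape)
    if shape[2] is FAIL or shape[3] is FAIL:       # λ_A yields fail, [fail, κ] keeps it
        return FAIL
    return checkRB(('Br', shape[1], shape[2][1], shape[3][1]))


def fold(alg, t):
    """Catamorphism ⦇alg⦈ over coloured trees."""
    if t[0] == 'Leaf':
        return alg(LEAF)
    return alg(('Br', t[1], fold(alg, t[2]), fold(alg, t[3])))


def trees_upto(depth):
    """All coloured trees of depth at most `depth`."""
    prev = {LEAF}
    for _ in range(depth):
        prev = prev | {br(c, l, r) for c in 'RB' for l in prev for r in prev}
    return prev


def spec_refinement(depth):
    """(6.1): keep the trees whose fold is ok a, indexed by a."""
    fam = {}
    for t in trees_upto(depth):
        r = fold(kappa_bar, t)
        if r is not FAIL:
            fam.setdefault(r[1], set()).add(t)
    return fam


def step(P):
    """One application of F^{?κ} in its families form: shapes over {(A,P)} whose κ-value is ok a."""
    Q = {('B', 1): {LEAF}}                                   # κ(Leaf) = ok (B, 1)
    pairs = [(a, x) for a, xs in P.items() for x in xs]
    for c in 'RB':
        for (a1, x1), (a2, x2) in product(pairs, repeat=2):
            r = checkRB(('Br', c, a1, a2))                   # κ(F π x)
            if r is not FAIL:
                Q.setdefault(r[1], set()).add(br(c, x1, x2))
    return Q


def partial_refinement(depth):
    """μF^{?κ} approximated by depth+1 iterations from the empty family."""
    P = {}
    for _ in range(depth + 1):
        P = step(P)
    return P


# Direct statement of constraints (1)-(3), independent of the algebra.
def colour(t): return 'B' if t[0] == 'Leaf' else t[1]

def black_counts(t):
    """Numbers of black nodes on root-to-leaf paths (leaves are black, constraint (1))."""
    if t[0] == 'Leaf':
        return {1}
    here = 1 if t[1] == 'B' else 0
    return {n + here for n in black_counts(t[2]) | black_counts(t[3])}

def no_red_red(t):
    if t[0] == 'Leaf':
        return True
    if t[1] == 'R' and 'R' in (colour(t[2]), colour(t[3])):
        return False
    return no_red_red(t[2]) and no_red_red(t[3])

def is_red_black(t):
    return no_red_red(t) and len(black_counts(t)) == 1

def fold_agrees_with_direct_check(depth):
    return all((fold(kappa_bar, t) is not FAIL) == is_red_black(t) for t in trees_upto(depth))
```

The two dictionaries coincide at every depth because `step` never builds on a failed subtree and the fold of $\bar{\kappa}$ never recovers from one, which is exactly what non-introduction of failure guarantees; the third comparison shows that selecting by $\mathit{ok}$ results is the same as checking the red-black constraints directly.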



7. Refinement by Zygomorphisms and Small Indexed Induction-Recursion 

The refinement process of Section 4 allows us to refine an inductive data type by any function definable as a fold. Despite this generality, the restriction to functions defined by folds can be a burden. Consider, for example, the following structurally recursive function on natural numbers that computes factorials: 

factorial : Nat -> Nat 

factorial zero = succ zero 

factorial (succ n) = succ n * factorial n 

This factorial function is not immediately expressible as a fold of an algebra on the natural numbers; indeed, the right-hand side of the second clause uses both the result of a recursive call and the current argument, but a fold cannot use the current argument in computing its result. The style of definition exemplified by factorial is known as a paramorphism [33]. As we recall in Section 7.1 below, such definitions can be reduced to folds. However, reducing factorial to a fold and then refining as in Section 4 yields a (Nat × Nat)-indexed type, i.e., a doubly indexed type that reveals the auxiliary data used to define factorial as a fold. But rather than a (Nat × Nat)-indexed type, what we actually want is an inductive characterisation of the following Nat-indexed type: 

FactorialNat n = {x : Nat | factorial x = n} (7.1) 

If we try to implement FactorialNat inductively in Agda 2, then we get stuck at the point marked by ??? below:

data FactorialNat : Nat -> Set where
  fnzero : FactorialNat (succ zero)
  fnsucc : {n : Nat} -> (x : FactorialNat n) -> FactorialNat (succ ??? * n)
We'd like to put x in place of ???, but there is a problem. Indeed, if x : FactorialNat n, then in (7.1) we know that x : Nat, so we can use the assertion factorial x = n. But in the above Agda 2 code we cannot conclude that if x : FactorialNat n, then x : Nat, and so we cannot use the fact that factorial x = n. What is required is a function forget of type n : Nat -> FactorialNat n -> Nat that converts an element of FactorialNat n into its underlying natural number. Unfortunately, we cannot first define the data type FactorialNat and then define the function forget thereafter. Instead, as becomes evident upon replacing ??? by forget x in the definition of FactorialNat, we must define both simultaneously.

Fortunately, this can be done using the principle of definition by indexed induction-recursion (IIR) due to Dybjer and Setzer [19, 20]. Agda 2 supports indexed induction-recursion, and so FactorialNat and forget can be defined (simultaneously) as follows:

mutual
  data FactorialNat : Nat -> Set where
    fnzero : FactorialNat (succ zero)
    fnsucc : {n : Nat} -> (x : FactorialNat n) -> FactorialNat (succ (forget x) * n)

  forget : {n : Nat} -> FactorialNat n -> Nat
  forget fnzero = zero
  forget (fnsucc x) = succ (forget x)

As we have already noted, it is possible to make sense of functions such as factorial in terms of initial F-algebras by using the existing notion of a paramorphism and its generalisation, a zygomorphism, but this gives incorrectly indexed types. Instead, making use of a presentation of inductive-recursive definitions as initial algebras (Section 7.2), we show in Section 7.3 that the definition of FactorialNat can be generalised to an inductive-recursive type satisfying the analogue of (7.1) for all zygomorphisms (rather than just factorial) and all initial algebras of functors (rather than just Nat).



7.1. Zygomorphisms and Paramorphisms. Zygomorphisms were introduced by Malcolm [31], and have as a special case the concept of a paramorphism [33]. Given a morphism $\gamma : F(D \times A) \to A$ and an $F$-algebra $\delta : FD \to D$ we define the $F$-algebra $(\gamma,\delta) : F(D \times A) \to D \times A$ by $\langle \delta \circ F\pi_1,\ \gamma \rangle$. The zygomorphism $h$ associated with $\gamma, \delta$ is defined to be $\pi_2 \circ (\!|(\gamma,\delta)|\!) : \mu F \to A$. It is the unique morphism satisfying the equation $h \circ \mathit{in}_F = \gamma \circ F\langle (\!|\delta|\!),\ h \rangle$. Paramorphisms are a special case of zygomorphisms for which $\delta$ is the initial $F$-algebra $\mathit{in}_F : F(\mu F) \to \mu F$.

The factorial function above can be represented as a paramorphism (and hence as a zygomorphism). Recalling that the carrier of the initial algebra for the functor $F_{\mathrm{Nat}} X = 1 + X$ is $\mathbb{N}$, we can define

$$\begin{array}{l}
\mathit{fact} : F_{\mathrm{Nat}}(\mathbb{N} \times \mathbb{N}) \to \mathbb{N} \\
\mathit{fact}\ \mathit{zero} = 1 \\
\mathit{fact}\ (\mathit{succ}\,(n, x)) = (n + 1) * x
\end{array} \qquad (7.2)$$

Here, we have used zero and succ as suggestive names for the two injections into $1 + X$. Taking $\gamma$ to be fact, the induced paramorphism from $\mathbb{N}$ to $\mathbb{N}$ is exactly the factorial function.
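The reduction of a paramorphism to a fold by tupling, the zygomorphism $\pi_2 \circ (\!|(\gamma,\delta)|\!)$, and the inductive-recursive FactorialNat with its forget function, all carried out in executable form. This is an added example written for this page, not code from the paper. It models $F_{\mathrm{Nat}} X = 1 + X$ with Python's None as the zero injection and a value as the succ injection, and represents $\mu F_{\mathrm{Nat}}$ as int; the names fmap, in_nat, out_nat, fold, zygo and zygo_equation_holds are ours, and the class FactorialNat only borrows the constructor names of the Agda definition above.

```python
from typing import Callable, Optional

# Added example, not the paper's code.  F_Nat X = 1 + X is modelled by Optional:
# None is the `zero` injection and a value x is the `succ` injection.  The carrier
# of the initial algebra, mu F_Nat, is the natural numbers, represented as int.

def fmap(g: Callable, fx):
    """Action of F_Nat on morphisms: leave `zero` alone, apply g under `succ`."""
    return None if fx is None else g(fx)

def in_nat(fx: Optional[int]) -> int:
    """The initial algebra in_F : F_Nat(N) -> N."""
    return 0 if fx is None else fx + 1

def out_nat(n: int) -> Optional[int]:
    """Inverse of in_nat (Lambek's lemma): unpack a natural into its F_Nat-shape."""
    if n < 0:
        raise ValueError("not a natural number")
    return None if n == 0 else n - 1

def fold(alg: Callable, n: int):
    """(|alg|) : N -> A, the unique F_Nat-algebra homomorphism out of the initial algebra."""
    return alg(fmap(lambda m: fold(alg, m), out_nat(n)))

def zygo(gamma: Callable, delta: Callable) -> Callable:
    """The zygomorphism pi_2 . (|(gamma, delta)|) for gamma : F(D x A) -> A, delta : F D -> D.
    The paired algebra (gamma, delta) = <delta . F pi_1, gamma> is exactly the tupling that
    turns a paramorphism into a fold."""
    def paired(fx):
        return (delta(fmap(lambda p: p[0], fx)), gamma(fx))
    return lambda n: fold(paired, n)[1]

def fact(fx) -> int:
    """gamma = fact : F_Nat(N x N) -> N from (7.2): fact zero = 1, fact (succ (n, x)) = (n+1)*x."""
    if fx is None:
        return 1
    n, x = fx
    return (n + 1) * x

# delta = in_nat makes this a paramorphism; the result is the factorial function.
factorial = zygo(fact, in_nat)

def zygo_equation_holds(gamma: Callable, delta: Callable, h: Callable, fx) -> bool:
    """Check the defining equation h . in_F = gamma . F<(|delta|), h> at one F_Nat-shaped input."""
    lhs = h(in_nat(fx))
    rhs = gamma(fmap(lambda m: (fold(delta, m), h(m)), fx))
    return lhs == rhs

class FactorialNat:
    """The refinement of N by factorial in the inductive-recursive style of the Agda above:
    an element carries its index n, and forget() recovers the underlying natural number.
    As in the Agda, the index of fnsucc is computed from forget of its argument, so the
    type and the function have to be defined together."""
    __slots__ = ("index", "pred")

    def __init__(self, index: int, pred: Optional["FactorialNat"]):
        self.index, self.pred = index, pred

    @staticmethod
    def fnzero() -> "FactorialNat":
        return FactorialNat(1, None)                       # fnzero : FactorialNat (succ zero)

    def fnsucc(self) -> "FactorialNat":
        # fnsucc : FactorialNat n -> FactorialNat (succ (forget x) * n)
        return FactorialNat((self.forget() + 1) * self.index, self)

    def forget(self) -> int:
        return 0 if self.pred is None else self.pred.forget() + 1

def refined_index_is_sound(k: int) -> bool:
    """Build the element of FactorialNat representing k and check factorial (forget x) = index,
    i.e. that the constructed element really lies in {x : Nat | factorial x = n} of (7.1)."""
    x = FactorialNat.fnzero()
    for _ in range(k):
        x = x.fnsucc()
    return x.forget() == k and factorial(x.forget()) == x.index

if __name__ == "__main__":
    print([factorial(i) for i in range(7)])
    print(all(refined_index_is_sound(k) for k in range(8)))
```

The tupled algebra in zygo is the whole content of "reducing a paramorphism to a fold": the first component threads $(\!|\delta|\!)$ (here the identity on naturals) alongside the result, which is why refining by that fold alone would yield the doubly indexed type mentioned above, and why FactorialNat instead recomputes the discarded component through forget.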



7.2. Initial Algebra Semantics of Indexed Small Induction-Recursion. Indexed induction-recursion allows us to define a family of types $X : A \to \mathrm{Set}$ simultaneously with a recursive function $f : \forall a.\, Xa \to Da$, for some $A$-indexed collection of potentially large types $Da$. We are interested in the case when $D$ does not depend on $A$, so that $Da$ is $D$, and $D$ is small, i.e., $D$ is a set. In this situation, the semantics of IIR definitions can be given as initial algebras of functors over slice categories. We recall the definition of slice categories on Set. Given a set $D$, the slice category $\mathrm{Set}/D$ on Set has as objects pairs $(Z : \mathrm{Set},\ f : Z \to D)$. A morphism from $(Z, f)$ to $(Y, g)$ in $\mathrm{Set}/D$ is a function $h : Z \to Y$ such that $f = g \circ h$. We write $f$ for $(Z, f)$ when $Z$ can be inferred from context.

Noting that $\forall a.\, Xa \to D$ is isomorphic to $(\Sigma a.\, Xa) \to D$ and that $\Sigma a.\, Xa = \{(A, X)\}$, this leads us to consider the category $\mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D$ each of whose objects is an $A$-indexed set $X$ together with a function from $\{(A, X)\}$ to $D$. A morphism in this category from $(X, f)$ to $(X', g)$ is a function $\phi : \forall a.\, Xa \to X'a$ such that $\forall a : A,\ p : Xa.\ f(a, p) = g(a, \phi_a\, p)$. In fact, this category is the following pullback:

$$\begin{array}{ccc}
\mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D & \longrightarrow & \mathrm{Set}/D \\
\Big\downarrow & & \Big\downarrow{\scriptstyle (Z,f)\,\mapsto\, Z} \\
\mathrm{Set}^A & \xrightarrow{\;X \,\mapsto\, \{(A,X)\}\;} & \mathrm{Set}
\end{array}$$

The pair (FactorialNat, forget) can be interpreted as the carrier of the initial algebra of the following functor on $\mathrm{Set}^{\mathbb{N}} \times_{\mathrm{Set}} \mathrm{Set}/\mathbb{N}$:

$$\begin{array}{l}
F_{\mathrm{FactorialNat}}\,(X : \mathrm{Set}^{\mathbb{N}},\ f : \{(\mathbb{N}, X)\} \to \mathbb{N}) = \\
\quad \big(\lambda n.\ \{* \mid n = 1\} + \{(n_1 : \mathbb{N},\ x : Xn_1) \mid n = (f(n_1, x) + 1) * n_1\}, \\
\quad\ \ \lambda(n, x).\ \mathbf{case}\ x\ \mathbf{of}\ \ \mathit{inl}\ * \mapsto 0\ ;\ \ \mathit{inr}\,(n_1, x) \mapsto f(n_1, x) + 1\big)
\end{array} \qquad (7.3)$$

The first component of $F_{\mathrm{FactorialNat}}(X, f)$ defines the constructors of FactorialNat in a manner similar to that described in Section 2.2; the constraint $n = (f(n_1, x) + 1) * n_1$ is exactly the index succ (forget x) * n of the constructor fnsucc, with $f$ standing in for forget. Note that this first component depends on both $X$ and $f$, which is characteristic of inductive-recursive, as well as of indexed inductive-recursive, definitions. The second component of $F_{\mathrm{FactorialNat}}(X, f)$ extends the function $f$ to the new cases given in the first component of $F_{\mathrm{FactorialNat}}(X, f)$.

To develop refinement by zygomorphisms, we use a similar methodology to that in Section 6. We first use the refinement process of Section 4 to generate a functor on $\mathrm{Set}^{D \times A}$ which has an initial algebra, and then apply Theorem 2.1 with the adjoint equivalence in the next theorem to produce the initial algebra for the functor on $\mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D$ that we define in (7.6) below.

Theorem 7.1. There is an adjoint equivalence $\mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D \simeq \mathrm{Set}^{D \times A}$ which is witnessed by the following pair of functors:

$$\begin{array}{l}
\Psi : \mathrm{Set}^{D \times A} \to \mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D \\
\Psi(X) = \big(\lambda a.\ \{(d, x) \mid d : D,\ x : X(d, a)\},\ \ \lambda(a, (d, x)).\ d\big) \\[6pt]
\Phi : \mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D \to \mathrm{Set}^{D \times A} \\
\Phi(X, f) = \lambda(d, a).\ \{x : Xa \mid f(a, x) = d\}
\end{array}$$

Proof. This is a simple consequence of the fact that, for any set $X$, $\mathrm{Set}^X \simeq \mathrm{Set}/X$. □
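Unpacking the proof sketch, as an added worked check that is not part of the original: the two composites of $\Phi$ and $\Psi$ are naturally isomorphic to identities, which is what an adjoint equivalence requires. For $X : \mathrm{Set}^{D \times A}$ and $(X, f) : \mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D$,

$$\Phi(\Psi X)(d, a) = \big\{\, p : \{(d', x) \mid d' : D,\ x : X(d', a)\} \ \big|\ \pi_1 p = d \,\big\} \cong X(d, a)$$

$$\Psi(\Phi(X, f)) = \big(\lambda a.\ \{(d, x) \mid d : D,\ x : Xa,\ f(a, x) = d\},\ \ \lambda(a, (d, x)).\ d\big) \cong \big(\lambda a.\ Xa,\ \ \lambda(a, x).\ f(a, x)\big) = (X, f)$$

In the first line the constraint forces $d' = d$, leaving exactly $X(d, a)$; in the second, $d$ is determined by $f(a, x)$, so the pair $(d, x)$ carries no more information than $x$ and the projection $\lambda(a, (d, x)).\ d$ becomes $f$ itself. The same bookkeeping, dropping a component that a constraint already determines, is what turns (7.4) into (7.5) below.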

In light of the equivalence demonstrated in Theorem 7.1 we could use $\mathrm{Set}^{D \times A}$, rather than $\mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D$, as the appropriate category for refinement by zygomorphisms. Our reasons for choosing the latter are twofold. First, as we noted in the introduction to this section, we want an $A$-indexed type rather than a $(D \times A)$-indexed type. Secondly, we want to define a function from that $A$-indexed type into $D$ itself, rather than into a $D$-indexed type.
7.3. Refinement by Zygomorphisms. We now show how to refine an inductive type by a zygomorphism to obtain an indexed inductive-recursive definition. Generalising the example of FactorialNat above, we want to construct from an $F$-algebra $\delta : FD \to D$ and a morphism $\gamma : F(D \times A) \to A$ an inductive-recursive characterisation of the following $A$-indexed set and accompanying $D$-valued function:

$$\big(\lambda a.\ \{(d : D,\ x : \mu F) \mid (\!|(\gamma,\delta)|\!)\,x = (d, a)\},\ \ \lambda(a, (d, x)).\ d\big) : \mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D \qquad (7.4)$$

Note that although the fold $(\!|(\gamma,\delta)|\!)$ applied to $x$ produces a pair $(d, a)$, the first component of the pair in (7.4) is an $A$-indexed set, rather than a $(D \times A)$-indexed set. We can now see that the object of $\mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D$ in (7.4) is isomorphic to

$$\big(\lambda a.\ \{x : \mu F \mid \pi_2((\!|(\gamma,\delta)|\!)\,x) = a\},\ \ \lambda(a, x).\ (\!|\delta|\!)\,x\big) \qquad (7.5)$$

The first component of (7.5), and hence the first component of (7.4), is the refinement of $\mu F$ by the zygomorphism $\pi_2 \circ (\!|(\gamma,\delta)|\!)$, and is thus the $A$-indexed set we want to characterise inductively. To do this, we characterise (7.4) inductively. More specifically, we prove in Theorem 7.2 below that the least fixed point of the following functor on $\mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D$ gives an inductive-recursive characterisation of (7.4):

$$\begin{array}{l}
F^{\gamma,\delta}(X, f) = \\
\quad \big(\lambda a.\ \{x : F\{(D \times A,\ \Phi(X, f))\} \mid \gamma(F\pi_{(D \times A,\, \Phi(X,f))}\, x) = a\}, \\
\quad\ \ \lambda(a, x).\ \delta(F\pi_1(F\pi_{(D \times A,\, \Phi(X,f))}\, x))\big)
\end{array} \qquad (7.6)$$



This definition makes use of the functor $\Phi : \mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D \to \mathrm{Set}^{D \times A}$ defined in Theorem 7.1. The first component of $F^{\gamma,\delta}(X, f)$ uses $\Phi$ to bundle up $X$ and $f$ into a $(D \times A)$-indexed set, and then applies $\Sigma_\gamma \circ F$ as in the basic refinement construction in Section 4. The second component of $F^{\gamma,\delta}(X, f)$ extracts the underlying $FD$ component of $x$ and then applies $\delta$.

Example 6. We instantiate the characterisation of $F^{\gamma,\delta}$ in (7.6) for the factorial function from the introduction to this section. That is, we consider the functor $F_{\mathrm{Nat}} X = 1 + X$, the $F$-algebra $\mathit{in}_{F_{\mathrm{Nat}}} : F_{\mathrm{Nat}}\,\mathbb{N} \to \mathbb{N}$, and the morphism $\mathit{fact} : F_{\mathrm{Nat}}(\mathbb{N} \times \mathbb{N}) \to \mathbb{N}$ defined in (7.2); here $D = A = \mathbb{N}$. Instantiating (7.6) gives

$$\begin{array}{l}
F_{\mathrm{Nat}}^{\mathit{fact},\,\mathit{in}_{F_{\mathrm{Nat}}}}(X, f) \\
\quad = \big(\lambda n.\ \{x : F_{\mathrm{Nat}}\{(D \times A,\ \Phi(X, f))\} \mid \mathit{fact}(F_{\mathrm{Nat}}\pi_{(D \times A,\, \Phi(X,f))}\, x) = n\}, \\
\qquad\ \ \lambda(n, x).\ \mathit{in}_{F_{\mathrm{Nat}}}(F_{\mathrm{Nat}}\pi_1(F_{\mathrm{Nat}}\pi_{(D \times A,\, \Phi(X,f))}\, x))\big) \\[4pt]
\quad = \big(\lambda n.\ \{x : 1 + \{(D \times A,\ \Phi(X, f))\} \mid \mathit{fact}((1 + \pi_{(D \times A,\, \Phi(X,f))})\, x) = n\}, \\
\qquad\ \ \lambda(n, x).\ \mathit{in}_{F_{\mathrm{Nat}}}((1 + \pi_1)((1 + \pi_{(D \times A,\, \Phi(X,f))})\, x))\big)
\end{array}$$

We can rewrite the first component of $F_{\mathrm{Nat}}^{\mathit{fact},\,\mathit{in}_{F_{\mathrm{Nat}}}}(X, f)$ to the following $\mathbb{N}$-indexed set depending on $X$ and $f$:

$$\lambda n.\ \{* \mid \mathit{fact}(\mathit{zero}) = n\} + \{((d, n_1),\ x : Xn_1) \mid f(n_1, x) = d,\ \mathit{fact}(\mathit{succ}(d, n_1)) = n\}.$$

The $d$ component in the second summand above is constrained to be $f(n_1, x)$, so we can first remove all references to $d$ and then rewrite according to the definition of fact to obtain

$$\lambda n.\ \{* \mid 1 = n\} + \{(n_1,\ x : Xn_1) \mid (f(n_1, x) + 1) * n_1 = n\}$$

Using this rewriting of the first component of the instantiation, we can rewrite the second component of $F_{\mathrm{Nat}}^{\mathit{fact},\,\mathit{in}_{F_{\mathrm{Nat}}}}(X, f)$ to use pattern matching and normal arithmetic notation to get

$$\lambda(n, x).\ \mathbf{case}\ x\ \mathbf{of}\ \ \mathit{zero} \mapsto 0\ ;\ \ \mathit{succ}(n_1, x) \mapsto f(n_1, x) + 1$$
We have thus derived the definition of $F_{\mathrm{FactorialNat}}$ in (7.3) solely by way of a mechanical process, using the components of the paramorphism that computes factorials. Moreover, by Theorem 7.2 below, we know that this functor has an initial algebra, and that this initial algebra represents the refinement of the natural numbers by the zygomorphism defining the function factorial.

As described above, the correctness of refinement by a zygomorphism is a consequence of Theorem 2.1 and the adjoint equivalence from Theorem 7.1. Indeed, we have:

Theorem 7.2. The functor $F^{\gamma,\delta} : \mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D \to \mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D$ defined in (7.6) has an initial algebra whose carrier is given in (7.4).

Proof. Observe that the object of $\mathrm{Set}^A \times_{\mathrm{Set}} \mathrm{Set}/D$ in (7.4) is isomorphic to the result of applying the functor $\Psi$ defined in Theorem 7.1 to the result of refining $\mu F$ by the algebra $(\gamma,\delta) : F(D \times A) \to D \times A$. Writing $F^{(\gamma,\delta)}$ for the refinement functor on $\mathrm{Set}^{D \times A}$ that Section 4 associates with this algebra, we have

$$\begin{array}{rl}
\Psi(\mu F^{(\gamma,\delta)}) & \cong\ \Psi\big(\lambda(d, a).\ \{x : \mu F \mid (\!|(\gamma,\delta)|\!)\,x = (d, a)\}\big) \\
& =\ \big(\lambda a.\ \{(d : D,\ x : \mu F) \mid (\!|(\gamma,\delta)|\!)\,x = (d, a)\},\ \ \lambda(a, (d, x)).\ d\big)
\end{array}$$

The isomorphism in the first step above is by the refinement process from Section 4 and the equality in the second is by definition of $\Psi$. Now, to apply Theorem 2.1 we must show that $F^{\gamma,\delta} \circ \Psi \cong \Psi \circ F^{(\gamma,\delta)}$. So suppose $X$ is in $\mathrm{Set}^{D \times A}$. Then

$$\begin{array}{rl}
F^{\gamma,\delta}(\Psi X) & =\ \big(\lambda a.\ \{x : F\{(D \times A,\ \Phi(\Psi X))\} \mid \gamma(F\pi\, x) = a\},\ \ \lambda(a, x).\ \delta(F\pi_1(F\pi\, x))\big) \\
& \cong\ \big(\lambda a.\ \{x : F\{(D \times A,\ X)\} \mid \gamma(F\pi\, x) = a\},\ \ \lambda(a, x).\ \delta(F\pi_1(F\pi\, x))\big)
\end{array}$$

Here, we have used the fact that the functors $\Phi$ and $\Psi$ form an adjoint equivalence by Theorem 7.1. On the other hand,

$$\begin{array}{rl}
\Psi(F^{(\gamma,\delta)} X) & =\ \Psi\big(\lambda(d, a).\ \{x : F\{(D \times A,\ X)\} \mid (\gamma,\delta)(F\pi\, x) = (d, a)\}\big) \\
& =\ \Psi\big(\lambda(d, a).\ \{x : F\{(D \times A,\ X)\} \mid \gamma(F\pi\, x) = a,\ \delta(F\pi_1(F\pi\, x)) = d\}\big) \\
& \cong\ \big(\lambda a.\ \{(d : D,\ x : F\{(D \times A,\ X)\}) \mid \gamma(F\pi\, x) = a,\ \delta(F\pi_1(F\pi\, x)) = d\},\ \ \lambda(a, (d, x)).\ d\big) \\
& \cong\ \big(\lambda a.\ \{x : F\{(D \times A,\ X)\} \mid \gamma(F\pi\, x) = a\},\ \ \lambda(a, x).\ \delta(F\pi_1(F\pi\, x))\big)
\end{array}$$

by the definition of $(\gamma,\delta)$. So, by the comment after Theorem 2.1, $\Psi(\mu F^{(\gamma,\delta)}) \cong \mu F^{\gamma,\delta}$. But since $\Psi(\mu F^{(\gamma,\delta)})$ is the same as (7.4), we have that (7.4) can indeed be inductively characterised as $\mu F^{\gamma,\delta}$. □

It is also possible to state and prove a generalisation of Theorem 7.2 in the general setting of a full cartesian Lawvere category with very strong coproducts, as defined in Section 3. In this case, we make use of the category $\mathcal{E}_A \times_{\mathcal{B}} \mathcal{B}/D$, which is defined by a pullback construction similar to that in Section 7.2. The use of very strong coproducts is essential to proving the generalised analogue of the adjoint equivalence in Theorem 7.1. In the general fibrational setting, we have the following definition of $F^{\gamma,\delta}$:

$$F^{\gamma,\delta}(X, f) = \big(\Sigma_\gamma(F_{D \times A}(\Phi(X, f))),\ \ \delta \circ F\pi_1 \circ F\pi_{\Phi(X,f)}\big)$$

The formulation of zygomorphic refinement in the general setting of a full cartesian Lawvere category with very strong coproducts means that we can use the process described in Section 5 to derive a fibration in which to perform zygomorphic refinement on indexed inductive types.



Example 7. Example 6 illustrates refinement by a paramorphism, but does not use the full generality of refinement by a zygomorphism. We now demonstrate the power of refinement by a zygomorphism to mechanically derive an inductive characterisation of the data type of lists of rational numbers indexed by their average.

We specialise the functor $F_{\mathrm{List}\,B}$ from Example 1 to get the functor representing the type of lists of rational numbers: $F_{\mathrm{List}\,\mathbb{Q}}\, X = 1 + \mathbb{Q} \times X$. We reuse the $F_{\mathrm{List}\,B}$-algebra $\mathit{lengthalg} : F_{\mathrm{List}\,B}\,\mathbb{N} \to \mathbb{N}$, also from Example 1, whose fold computes the length of a list. We also consider the following $F_{\mathrm{List}\,\mathbb{Q}}$-algebra sumalg, which is used to compute the sum of the elements of a list:

$$\begin{array}{l}
\mathit{sumalg} : F_{\mathrm{List}\,\mathbb{Q}}\,\mathbb{Q} \to \mathbb{Q} \\
\mathit{sumalg}\ \mathit{Nil} = 0 \\
\mathit{sumalg}\ (\mathit{Cons}(q, s)) = q + s
\end{array}$$

By the standard construction of the product of two $F$-algebras, we combine lengthalg and sumalg to produce the following single $F_{\mathrm{List}\,\mathbb{Q}}$-algebra whose fold will simultaneously compute the sum and length of a list of rational numbers:

$$\mathit{sumlengthalg} : F_{\mathrm{List}\,\mathbb{Q}}(\mathbb{Q} \times \mathbb{N}) \to \mathbb{Q} \times \mathbb{N}$$

This algebra will form the $F$-algebra component of the zygomorphism by which we will refine $\mu F_{\mathrm{List}\,\mathbb{Q}}$.

The morphism component of the zygomorphism by which we will refine $\mu F_{\mathrm{List}\,\mathbb{Q}}$ has carrier $1 + \mathbb{Q}$. Here, the non-$\mathbb{Q}$ case caters for empty lists, for which the average is not defined. We use empty and avg as mnemonics for the left and right injections into $1 + \mathbb{Q}$. The morphism avg is defined by

$$\begin{array}{l}
\mathit{avg} : F_{\mathrm{List}\,\mathbb{Q}}((\mathbb{Q} \times \mathbb{N}) \times (1 + \mathbb{Q})) \to 1 + \mathbb{Q} \\
\mathit{avg}\ \mathit{Nil} = \mathit{empty} \\
\mathit{avg}\ (\mathit{Cons}(q, ((s, l), \_))) = \mathit{avg}\big((q + s) / (l + 1)\big)
\end{array}$$

Note that avg ignores the recursively computed average of the tail (the $1 + \mathbb{Q}$ component): the sum $s$ and length $l$ delivered by sumlengthalg are all it needs, which is exactly why a zygomorphism rather than a fold is required here.

Following a similar process to that in Example 6, we can now compute the refinement of $\mu F_{\mathrm{List}\,\mathbb{Q}}$ by sumlengthalg and avg:

$$\begin{array}{l}
F_{\mathrm{List}\,\mathbb{Q}}^{\mathit{avg},\,\mathit{sumlengthalg}}(X, f) = \\
\quad \big(\lambda a.\ \{* \mid a = \mathit{empty}\} + \{(q,\ a',\ x : Xa') \mid a = \mathit{avg}\big((q + \pi_1(f(a', x))) / (\pi_2(f(a', x)) + 1)\big)\}, \\
\quad\ \ \lambda(a, x).\ \mathbf{case}\ x\ \mathbf{of}\ \ \mathit{Nil} \mapsto (0, 0)\ ;\ \ \mathit{Cons}(q, a', x) \mapsto (q + \pi_1(f(a', x)),\ \pi_2(f(a', x)) + 1)\big)
\end{array}$$

In this definition, we have used $\pi_1(f(a', x))$ to obtain the sum of the list underlying $x$, and have likewise used $\pi_2(f(a', x))$ to obtain its length. Expressing this refinement in Agda 2 gives the following definition:

mutual
  data AvgList : 1 + Rational -> Set where
    nil : AvgList empty
    cons : (q : Rational) -> {a : 1 + Rational} -> (x : AvgList a) ->
           AvgList (avg ((q + sum x) / (length x + 1)))

  sum : {a : 1 + Rational} -> AvgList a -> Rational
  sum nil = 0
  sum (cons q x) = q + sum x

  length : {a : 1 + Rational} -> AvgList a -> Nat
  length nil = 0
  length (cons q x) = length x + 1
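Example 7 carried out in executable form: the product algebra sumlengthalg, the morphism avg, the zygomorphism they induce, and the AvgList refinement with its mutually defined sum and length. This is an added example written for this page, not code from the paper. It models $F_{\mathrm{List}\,\mathbb{Q}}\, X = 1 + \mathbb{Q} \times X$ with None as Nil and a pair as Cons, $\mu F_{\mathrm{List}\,\mathbb{Q}}$ as a Python list, and the index type $1 + \mathbb{Q}$ as an optional Fraction with None playing the role of empty; the names fmap, out_list, fold, product_alg, zygo, average and index_matches_zygomorphism are ours, and the class AvgList borrows only the constructor and function names of the Agda definition.

```python
from fractions import Fraction
from typing import Callable, List, Optional

# Added example, not the paper's code.  F_ListQ X = 1 + Q x X is modelled by Optional:
# None is Nil and a pair (q, x) is Cons(q, x).  mu F_ListQ is a Python list of Fractions.
# The index type 1 + Q is Optional[Fraction]: None plays the role of `empty`.

def fmap(g: Callable, fx):
    """Action of F_ListQ on morphisms: apply g in the tail position only."""
    return None if fx is None else (fx[0], g(fx[1]))

def out_list(xs: List[Fraction]):
    """Inverse of in_F : F_ListQ(mu F) -> mu F: split a list into its F_ListQ-shape."""
    return None if not xs else (xs[0], xs[1:])

def fold(alg: Callable, xs: List[Fraction]):
    """(|alg|) : mu F_ListQ -> A."""
    return alg(fmap(lambda ys: fold(alg, ys), out_list(xs)))

def sumalg(fx) -> Fraction:
    """sumalg : F_ListQ Q -> Q."""
    return Fraction(0) if fx is None else fx[0] + fx[1]

def lengthalg(fx) -> int:
    """lengthalg : F_ListQ N -> N (the algebra of Example 1)."""
    return 0 if fx is None else fx[1] + 1

def product_alg(alg1: Callable, alg2: Callable) -> Callable:
    """Standard product of two F-algebras: its fold computes both results in one pass."""
    return lambda fx: (alg1(fmap(lambda p: p[0], fx)), alg2(fmap(lambda p: p[1], fx)))

sumlengthalg = product_alg(sumalg, lengthalg)          # F_ListQ (Q x N) -> Q x N

def avg(fx) -> Optional[Fraction]:
    """gamma = avg : F_ListQ ((Q x N) x (1 + Q)) -> 1 + Q.  The recursively computed
    average of the tail (the 1 + Q component) is ignored; only delta's sum/length is used."""
    if fx is None:
        return None                                      # empty
    q, ((s, l), _) = fx
    return (q + s) / (l + 1)

def zygo(gamma: Callable, delta: Callable) -> Callable:
    """pi_2 . (|(gamma, delta)|) with (gamma, delta) = <delta . F pi_1, gamma>."""
    def paired(fx):
        return (delta(fmap(lambda p: p[0], fx)), gamma(fx))
    return lambda xs: fold(paired, xs)[1]

average = zygo(avg, sumlengthalg)                       # mu F_ListQ -> 1 + Q

class AvgList:
    """The refinement of lists of rationals by their average, in the style of the Agda AvgList:
    the index is computed at `cons` from the mutually defined sum and length of the tail."""
    __slots__ = ("index", "head", "tail")

    def __init__(self, index: Optional[Fraction], head, tail: Optional["AvgList"]):
        self.index, self.head, self.tail = index, head, tail

    @staticmethod
    def nil() -> "AvgList":
        return AvgList(None, None, None)                 # nil : AvgList empty

    def cons(self, q) -> "AvgList":
        # cons q x : AvgList (avg ((q + sum x) / (length x + 1)))
        return AvgList(Fraction(q + self.sum()) / (self.length() + 1), q, self)

    def sum(self) -> Fraction:
        return Fraction(0) if self.tail is None else self.head + self.tail.sum()

    def length(self) -> int:
        return 0 if self.tail is None else self.tail.length() + 1

    def underlying(self) -> List[Fraction]:
        """The forgetful map back to mu F_ListQ."""
        return [] if self.tail is None else [self.head] + self.tail.underlying()

def index_matches_zygomorphism(qs: List[Fraction]) -> bool:
    """Build the AvgList for qs (last element consed first) and check that its index equals
    the zygomorphism applied to the underlying list, i.e. that it lies in the refinement (7.5)."""
    x = AvgList.nil()
    for q in reversed(qs):
        x = x.cons(q)
    return x.underlying() == qs and x.index == average(qs)

if __name__ == "__main__":
    print(average([Fraction(1, 3), Fraction(2, 3), Fraction(1)]))   # 2/3
    print(index_matches_zygomorphism([Fraction(5), Fraction(-1), Fraction(1, 2)]))
```

Exact rationals are used deliberately: with floating point the index stored at cons and the zygomorphism computed over the underlying list could drift apart by rounding, and the equality that the refinement promises would fail for a reason unrelated to the construction.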

The fact that we have generated small indexed inductive-recursive types by a process of refinement by a zygomorphism leads to the interesting question of whether it is possible to further refine small indexed inductive-recursive types by any sort of refinement process. A thorough investigation of such processes should also involve large induction-recursion (recall that a large inductive-recursive type entails the definition of a Set-valued recursive function simultaneously with the inductive type). The setting of large inductive-recursive types is much more complicated than that of small (indexed) inductive-recursive types, and so we leave investigation of the refinement of general inductive-recursive types to future work. Recent work by Malatesta, Altenkirch, Ghani, Hancock and McBride [30] has shown that a large universe of small inductive-recursive types described by codes is equivalent to the universe of indexed containers [3]. This work may point to a way to formulate the development of this section in terms of codes for functors describing types rather than directly in terms of the functors themselves.

Another interesting avenue for future work is to determine whether the partial refinement process of Section 6 can be combined with the zygomorphic refinement process presented in this section.

8. Conclusions, Applications, Related and Future Work 

We have given a clean semantic framework for deriving refinements of inductive types that 
store computationally relevant information within the indices of the resulting refined types. 
We have also shown how already indexed types can be refined further, how refined types 
can be derived even when some elements of the original type do not have indices, and 
how refinement by zygomorphisms entails the use of small indexed induction-recursion for 
information hiding. In addition to its theoretical clarity, the theory of refinement we have 
developed has potential applications in the following areas: 

Dependently Typed Programming: Often a user is faced with a choice between building 
properties of elements of data types into more sophisticated data types, or stating these 
properties externally as, say, pre- and post-conditions. While the former is clearly preferable 
because properties can then be statically type-checked, it also incurs an overhead which can 
deter its adoption. Supplying the programmer with infrastructure to produce refined types 
as needed can reduce this overhead. 

Libraries: With the implementation of refinement, library implementers will no longer need 
to provide comprehensive collections of data types, but instead only methods for defining 
new data types. Our results also ensure that library implementers will not need to guess 
which refinement types will prove useful to programmers, and can instead focus on providing
useful abstractions for creating more sophisticated data types from simpler ones. 
Implementation: Current implementations of types such as Vector types store all index information. For example, a vector of length 3 will store the lengths 3, 2, and 1 of its subvectors. Since this can be very space-consuming, Brady et al. [9] have sought to determine when this information need not be stored in memory. Our work suggests that a refinement $\mu F^\alpha$ can be implemented by simply implementing the underlying type $\mu F$, since programs requiring indices can reconstruct these as needed. It could therefore provide a user-controllable tradeoff between space and time efficiency.

8.1. Related Work. The work closest to that reported here is McBride's work on ornaments [32]. McBride defines a type of descriptions of inductive data types, along with a notion of one description "ornamenting" another. Despite the differences between our fibrational approach and his type-theoretic approach, the notion of refinement presented in Sections 4 and 5 is very similar to McBride's notion of an algebraic ornament. Ornamentation further allows for additional arbitrary data to be attached to constructors, something that is not possible with any of the refinement processes that we have discussed in this paper. On the other hand, ornamentation is restricted to inductive types and so does not allow for the generation of indexed inductive-recursive types that we presented in Section 7. The theory of ornamentation has been developed by Ko and Gibbons [28], who examine the relationship between the ornamental versions of the "local" and "global" refinement that we discussed in Section 1.2. More recently, Dagand and McBride [14] have described an extension of McBride's original definition of ornamentation which allows for the removal of constructors. In our setting, the removal of constructors is possible with the use of partial refinement (Section 6).

An interesting question for future work is to determine the relationship between functions defined on data types and functions defined on refined versions of data types. This question has been addressed in the setting of McBride's work on ornaments by Ko and Gibbons [28] and also by Dagand and McBride [13]. We have not considered the question of refinement of functions in this paper, and we leave it as future work to determine whether or not the fibrational approach taken here can provide any insight.

Chuang and Lin [12] present a way to derive new indexed inductive types from existing inductive types and algebras that is very similar to our basic refinement process in Section 4. Chuang and Lin work in the setting of the codomain fibration, which makes some calculations easier, but extensions to partial and zygomorphic refinement more difficult.

A line of research allowing the programmer to give refined types to constructors of inductive data types was initiated by Freeman and Pfenning [21]. Freeman and Pfenning defined a variant of ML that allowed programmers to define refinements of inductive types by altering the types of constructors, or by disallowing the use of certain constructors. Refinement of this sort did not require dependent types. This work was later developed by Xi [37], Davies [15] and Dunfield [17] for extensions of ML-like languages with dependent types, and by Pfenning [35] and Lovas and Pfenning [29] for LF. The work of Kawaguchi et al. [27] is also similar. This research begins with an existing type system and provides a mechanism for expressing richer properties of values that are well-typeable in that type system. It is thus similar to the work reported here, although a major focus of the work of Freeman and Pfenning and its descendants is on the decidability of type checking and inference of refined types, which we have not considered in this paper. On the other hand, we formally prove that each refinement is isomorphic to the richer, property-expressing data type it is intended to capture, rather than leaving this to the programmer to justify on a refinement-by-refinement basis.

Refinement types have been used in other settings to give more precise types to programs 
in existing programming languages (but not specifically to inductive types). For example, 
Denney [16] and Gordon and Fournet [23] use subset types to refine the type systems of 
ML-like languages. Subset types are also used heavily in the PVS theorem prover [36] . 

Our results extend the systematic code reuse delivered by generic programming [2, 5, 7]:
in addition to generating new programs we can also generate new types from existing types. 
This area is being explored in Epigram [11], with codes for data types being represented 
within a predicative intensional system. This enables programs to generate new data types. 
It should be possible to implement our refinement process using similar techniques. 

In addition to the specific differences between our work and that discussed above, a 
distinguishing feature of ours is the semantic methodology we use to develop refinement. 
We believe that this methodology is new. We also believe that a semantic approach is 
important: it can serve as a principled foundation for refinement, as well as provide a 
framework in which to compare different implementations. Moreover, it may lead to new 
algebraic insights into refinement that complement the logical perspective of previous work. 